Skip to content Skip to navigation

OCR Issues Alert about Phishing Email Disguised as Official OCR Audit Email

November 28, 2016
by Heather Landi
| Reprints
Click To View Gallery

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued an alert Monday regarding a phishing email disguised as an official OCR audit communication.

“It has come to our attention that a phishing email is being circulated on mock HHS Departmental letterhead under the signature of OCR’s Director, Jocelyn Samuels. This email appears to be an official government communication, and targets employees of HIPAA covered entities and their business associates,” OCR stated in the alert.

The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program. The link directs individuals to a non-governmental website marketing a firm’s cybersecurity services, according to OCR.

“In no way is this firm associated with the U.S. Department of Health and Human Services or the Office for Civil Rights. We take the unauthorized use of this material by this firm very seriously,” OCR stated.

The agency advises that any organizations with questions as to whether they have received an official communication from OCR regarding a HIPAA audit should contact that agency via email at OSOCRAudit@hhs.gov.

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

NFL Strikes Deal to Give Players Control of Wearable Data

The National Football League Players Association (NFLPA) and human performance company Whoop are connecting on a deal that will give athletes the ability to control and even sell their own health data from a wearable device.

Media Report: Anthem Loses Appeal to Overturn Blocked Merger with Cigna

According to a report from Bloomberg posted today, Anthem Inc. lost its bid to overturn a court ruling that blocked its planned merger with Cigna Corp.

ONC Releases Proposed Interoperability Standards Measurement Framework

The Office of the National Coordinator for Health IT (ONC) is soliciting feedback about a proposed industry-wide measurement framework, which it released this week, to assess the implementation and use of healthcare interoperability standards.

VETS Act Introduced to Expand Veterans’ Access to Telehealth Services

U.S. Senators Joni Ernst (R-IA) and Mazie Hirono (D-HI), both members of the Senate Armed Services Committee, reintroduced this week the Veterans E-Health and Telemedicine Support Act of 2017 (VETS Act), bipartisan legislation that aims to expand telehealth services provided by the Department of Veterans Affairs (VA).

Mayo Clinic Makes Health Content Available via Epic’s Patient Apps

Rochester, Minn.-based Mayo Clinic is now offering its health information on demand via Epic patient-facing apps such as MyChart and MyChart Bedside.

Report: Cyber Attackers Using Simple Tactics, Tools to Target Healthcare, Other Industries

The number of reported breach incidents in healthcare grew by 22 percent in 2016 from 269 breach incidents in 2015 to 328 last year, according to Symantec’s 2017 Internet Security Threat Report (ISTR).