OCR Issues Healthcare Phishing Email Alert

November 25, 2016

The U.S. Department of Health and Human Services (HHS) Office for Civil Right (OCR) has issued an alert regarding a phishing e-mail disguised as an official OCR audit communication.

According to OCR the email targets employees of HIPAA covered entities and their business associates. The email appears to be an official government communication, and prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audio Program. The link directs individuals to a non-governmental website, marketing a firm’s cybersecurity services, according to OCR.

“In no way is this firm associated with the U.S. Department of Health and Human Services or the Office for Civil Rights. We take the unauthorized use of this material by this firm very seriously,” OCR stated.

The agency advises that if you have questions as to whether you have received an official communication from OCR regarding a HIPAA audit you should reach out at OSOCRAudit@hhs.gov.

If you have questions about HIPAA compliance or audits, please reach out to the MedMal Direct Risk Management Department at RiskManagement@MedMalDirect.com or call 866.577.0914.