HHS OCR warns of phishing email aimed at HIPAA covered entities

The U.S. Department of Health and Human Services’ (HHS) reports that a phishing email is being circulated on mock HHS departmental letterhead under the signature of Office of Civil Rights (OCR) Director Jocelyn Samuels.

The email appears to be an official government communication and targets employees of HIPAA covered entities and their business associates. The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program.

The link actually directs individuals to a non-governmental website marketing a firm’s cybersecurity services. The firm is NOT associated with the U.S. Department of Health and Human Services or the Office for Civil Rights. Anyone with questions about whether a particular email is official can contact HHS via email at OSOCRAudit@hhs.gov.