Don’t let your zeal for HIPAA compliance put you at risk. A cybersecurity firm, masquerading as Office for Civil Rights director Jocelyn Samuels, targeted HIPAA entities and business associates in a phishing scam carried out through email that used a Department of Health & Human Services letterhead.
“The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program. The link directs individuals to a non-governmental website marketing a firm’s cybersecurity services,” an HHS press release says. “In no way is this firm associated with the U.S. Department of Health and Human Services or the Office for Civil Rights. We take the unauthorized use of this material by this firm very seriously.”
The HHS and OCR jointly urged covered entities and their associates to alert employees immediately to the fraudulent activity and to contact the OCR directly with any leads or information regarding the scam.
Resource: For the link to the HHS press release and details on how to contact the OCR regarding this phishing operation, visit www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/.