Part B Insider (Multispecialty) Coding Alert

Industry Notes:

Fraudulent Cybersecurity Firm Masquerades As the OCR in Phishing Scam

Falling in line with cyber Monday’s tradition of glitches and deceit, a cybersecurity firm targeted HIPAA entities and business associates masquerading as OCR director, Jocelyn Samuels, through email that used an HHS letterhead in a phishing scam.

“The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program. The link directs individuals to a non-governmental website marketing a firm’s cybersecurity services,” the HHS press release from Nov. 28, 2016 said. “In no way is this firm associated with the U.S. Department of Health and Human Services or the Office for Civil Rights. We takethe unauthorized use of this material by this firm very seriously.”

The HHS and OCR jointly urged covered entities and their associates to alert employees immediately of the fraudulent activity and to contact the OCR directly with any leads or information regarding the scam.

Resource: For the link to the HHS press release and details on how to contact the OCR regarding this phishing operation, visit https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/.