Don’t Get Fooled: Fake OCR E-Mail Phishing for HIPAA-Covered Entities
December 16, 2016 | Aging Services Risk, Quality, & Safety Guidance
An unauthorized phishing e-mail purporting to be from the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) director Jocelyn Samuels has been targeting employees and business associates of entities covered by the Health Insurance Portability and Accountability Act (HIPAA), according to a November 28, 2016, alert. The e-mail, which appears at first to be an official government communication, prompts recipients to click on a link regarding possible participation in a HIPAA privacy, security, and breach rules audit program. The link then redirects users to a nongovernmental website advertising cybersecurity services, a site that HHS says is "in no way" associated with HHS or OCR.