The Department of Health and Human Services has issued an alert regarding phishing attempts by a company or individual utilizing the HHS Departmental letterhead under the signature of OCR’s Director. The email appears to be an official government communication and targets employees of HIPAA covered entities and their business associates. The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program. The link directs individuals to a non-governmental website that markets a firm’s cybersecurity services. The Department of HHS and the Office for Civil Rights is not associated with this firm. In the event you or your organization has a question as to whether it has received an official communication from a government agency regarding a HIPAA audit, please contact OSOCRAudit@hhs.gov.
To read more about this Alert and the HIPAA Audit Program, please click here.
