OCR: Phishing email targeting HIPAA covered entities

The Department of Health and Human Services’ Office for Civil Rights yesterday alerted the public to a phishing email targeting employees of entities covered by the Health Insurance Portability and Accountability Act and their business associates. The email appears to be an official government communication from OCR Director Jocelyn Samuels and prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program, the agency said. However, the link directs individuals to a non-governmental website marketing a firm’s cybersecurity services. “In no way is this firm associated with the U.S. Department of Health and Human Services or the Office for Civil Rights,” the agency said. Organizations with questions as to whether they have received an official communication from the agency regarding a HIPAA audit may email the agency at OSOCRAudit@hhs.gov.