ARTICLE
5 December 2016

OCR Warns Of Scam Email

DP
Day Pitney LLP

Contributor

Day Pitney LLP logo
Day Pitney LLP is a full-service law firm with more than 300 attorneys in Boston, Connecticut, Florida, New Jersey, New York and Washington, DC. The firm offers clients strong corporate and litigation practices, with experience on behalf of large national and international corporations as well as emerging and middle-market companies. With one of the largest individual clients practices on the East Coast, the firm also has extensive experience assisting individuals and their families, fiduciaries and tax-exempt entities plan for the future.
Explore
It has come to our attention that a phishing email is being circulated on mock HHS Departmental letterhead under the signature of OCR's Director, Jocelyn Samuels.
United States Food, Drugs, Healthcare, Life Sciences
Person photo placeholder
Authors
To print this article, all you need is to be registered or login on Mondaq.com.

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced on November 28, via its Security Listserv, that a private cybersecurity business had circulated an email marketing its services using a fake HHS letterhead. The OCR also placed an alert on its HIPAA Privacy, Security, and Breach Notification Audit Program website.

Although OCR's email to the listserv called the rogue email a phishing attempt, that was not technically the case as the goal of the email was apparently to get recipients to visit the company's website and purchase its services, not to obtain financial information simply by tricking people into clicking on a link.  "Phishing" or not, the company that perpetrated the scam will likely face severe consequences.

The full text of the OCR's alert is as follows:

Alert: Phishing Email Disguised as Official OCR Audit Communication
November 28, 2016

It has come to our attention that a phishing email is being circulated on mock HHS Departmental letterhead under the signature of OCR's Director, Jocelyn Samuels. This email appears to be an official government communication, and targets employees of HIPAA covered entities and their business associates.

The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program. The link directs individuals to a non-governmental website marketing a firm's cybersecurity services.

In no way is this firm associated with the U.S. Department of Health and Human Services or the Office for Civil Rights. We take the unauthorized use of this material by this firm very seriously. In the event that you or your organization has a question as to whether it has received an official communication from our agency regarding a HIPAA audit, please contact us via email at OSOCRAudit@hhs.gov.

For more articles and regular updates on legislative changes, regulatory developments and other news of interest to businesses, professionals and investors in the healthcare industry, please subscribe to Day Pitney's mailing lists.

Click here for more Healthcare Blogs from Day Pitney

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Person photo placeholder
Day Pitney LLP
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More