OCR warns providers to be on the lookout for a fake email
November 29, 2016
— The U.S. Office for Civil Rights issued an alert Nov. 28, warning health care providers of a phishing email disguised as an official OCR audit communication.
"It has come to our attention that a phishing email is being circulated on mock Health and Human Services Departmental letterhead under the signature of OCR's director, Jocelyn Samuels," said OCR in the alert. "This email appears to be an official government communication, and targets employees of HIPAA-covered entities and their business associates.
"The email prompts recipients to click a link regarding possible inclusion in the Health Insurance Portability and Accountability Act Privacy, Security, and Breach Rules Audit Program," the alert continued. "The link directs individuals to a non-governmental website marketing a firm's cybersecurity services. In no way is this firm associated with the U.S. Department of Health and Human Services or the Office for Civil Rights."
OCR urged organizations or individuals with questions about official agency communications regarding HIPAA audits to contact the office via email at OSOCRAudit@hhs.gov
For more information about phishing scams, the Federal Trade Commission website has a resources page here
and also has a page with tips for consumers
The ADA Center for Professional Success also has tips
to help ADA member dentists safeguard their practice from hackers.