HHS Warns Physicians of Email Scam

The US Department of Health and Human Services (HHS) and its Office for Civil Rights (OCR) recently issued a warning about an email that disguises itself as an official communication from HHS. The email, commonly known as a “phishing” email, prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program and directs individuals to a nongovernmental website marketing a firm’s cybersecurity services.

The phishing email originates from the email address OSOCRAudit@hhs-gov.us and directs individuals to a URL at www.hhs-gov.us. This is a subtle difference from the official email address for the HIPAA audit program, OSOCRAudit@hhs.gov. Such deviousness is typical in phishing scams.

In no way is the firm associated with HHS or OCR. In the event that you or your organization has a question about the legitimacy of an apparently official communication from the agency regarding a HIPAA audit, please contact OCR via email OSOCRAudit@hhs.gov.


Share this Post