The US Department of Health and Human Services (HHS) and its Office for Civil Rights (OCR) recently issued a warning about an email that disguises itself as an official communication from HHS. The email, commonly known as a “phishing” email, prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program and directs individuals to a nongovernmental website marketing a firm’s cybersecurity services.
The phishing email originates from the email address [email protected] and directs individuals to a URL at www.hhs-gov.us. This is a subtle difference from the official email address for the HIPAA audit program, [email protected]. Such deviousness is typical in phishing scams.
In no way is the firm associated with HHS or OCR. In the event that you or your organization has a question about the legitimacy of an apparently official communication from the agency regarding a HIPAA audit, please contact OCR via email [email protected].