On November 28, 2016, the Office of Civil Rights of the Department of Health and Human Services, the entity responsible for HIPAA administration, issued an alert about a potential “phishing” email scam. The email purports to come from OCR’s Director, Jocelyn Samuels, and targets employees of covered entities and business associates. The email appears legitimate and includes a link concerning the audit program. Clicking the link redirects the user to a cybersecurity firm’s marketing website.
For those who may not be familiar with the term, “phishing” refers to an email that looks official or legitimate but redirects the recipient to an unaffiliated website. Common “phishing” emails mimic requests from credit card companies for personal information, auction sites for login information, and banks for updated privacy information. As always, if you have received an email that you did not expect and have questions about it, contact the alleged source directly to verify it before opening.