• OCR Provides Additional Clarification on Phishing Scam
  • January 6, 2017 | Author: Jordan T. Cohen
  • Law Firm: Mintz Levin Cohn Ferris Glovsky Popeo P.C. - Boston Office
  • As we reported earlier this week, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights described a phishing campaign that is attempting to convince recipients of their inclusion in OCR’s Phase 2 audit program. The email, which was disguised as an official communication, suggests that recipients click on a link. This link takes recipients to a non-governmental website marketing cybersecurity services.

    On Wednesday, OCR followed up their alert with additional details about the phishing campaign. According to OCR, the phishing email originates from the email address [email protected] and directs individuals to a URL at http://www.hhs-gov.us. OCR points out the subtle difference from the official email address for its HIPAA audit program, [email protected], noting that such subtlety is typical in phishing scams.

    OCR also took the opportunity to confirm that it has notified select business associates of their inclusion in the Phase 2 HIPAA audits.