Phishing Email Disguised as HIPAA Audit Notification

On November 28, 2016, the U.S. Department of Health and Human Services issued an alert that a phishing email was being circulated on mock HHS departmental letterhead under the signature of Jocelyn Samuels, director of the Office of Civil Rights.

This email, which appears to be an official government communication to HIPAA covered entities, prompts recipients to click a link regarding possible inclusion in the HIPAA audit program. The link connects to a non-governmental website marketing a firm’s cybersecurity services.

HHS warns covered entities that this is a serious misuse of government authority. If your organization is unsure whether it has received an official communication regarding a HIPAA audit, HHS asks you to contact it directly via email at OSOCRAudit@hhs.gov.