Office for Civil Rights: Phishing email targeting HIPAA covered entities

December 1, 2016

The Department of Health and Human Services’ Office for Civil Rights (OCR) this week alerted the public to a phishing email targeting employees of entities covered by the Health Insurance Portability and Accountability Act and their business associates. The email appears to be an official government communication from OCR Director Jocelyn Samuels and prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security and Breach Rules Audit Program, the agency said.

However, the link directs individuals to a non-governmental website marketing a firm’s cybersecurity services. “In no way is this firm associated with the U.S. Department of Health and Human Services or the Office for Civil Rights,” the agency said. Organizations with questions as to whether they have received an official communication from the agency regarding a HIPAA audit may email the agency at (Tim Pfarr)


Contact Us

Washington State Hospital Association
999 Third Avenue
Suite 1400
Seattle, WA 98104

Map / Directions

206.281.7211 phone
206.283.6122 fax

Staff List