The U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) issued an alert on November 28, 2016, regarding an email purporting to be from OCR.  This phishing email can look like an official government email which may use fake HHS letterhead and may even appear to be signed by OCR’s Director, Jocelyn Samuels.

OCR says:

The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program.  The link directs individuals to a non-governmental website marketing a firm’s cybersecurity services. In no way is this firm associated with the U.S. Department of Health and Human Services or the Office for Civil Rights.”

If you or your organization has a question about whether you received an official communication, OCR suggests that you contact them via email at OSOCRAudit@hhs.gov.

The alert can be found at the following link: OCR Alert.