Phishing Scam Targets HIPAA Compliance Officers

Rivkin Radler LLP

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently warned healthcare providers and organizations about a new phishing scam that targets HIPAA Compliance Officers. Postcards that appear to be official communications from OCR are being mailed to various healthcare organizations, stating that a mandatory HIPAA compliance risk assessment must be completed. The postcards are addressed to the organizations’ HIPAA Compliance Officers and claim to come from the Secretary of Compliance of the HIPAA Compliance Division, which does not actually exist.

The postcards advise recipients to visit a website to complete the “mandatory” risk assessment, but the website is a non-government site that appears to market consulting services. The postcards also include a warning that “HIPAA violations cost your practice. The federal fines for noncompliance are based on perceived negligence found within your organization at the time of the HIPAA violation.” Although the warning is somewhat valid (albeit exaggerated), the postcards are fraudulent and should be disregarded.

Healthcare organizations should remind their HIPAA Compliance Officers and other workforce members to stay vigilant about misleading communications and phishing scams. OCR also reminded healthcare organizations that any official communication from OCR would come from the following address: Office for Civil Rights, U.S. Department of Health and Human Services, 200 Independence Avenue, SW, Room 509F, HHH Building, Washington, D.C. 20201. Any requests to contact OCR via email would provide an email address ending with “@hhs.gov”. If an organization receives any suspect communication, it should report it to the Federal Bureau of Investigation.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Rivkin Radler LLP
