Doctor concerned with health care law

Breaking news and expert analysis on legal and compliance issues

[Back To Home][Back To Archives]

From Health Law Daily, November 30, 2016

Scammers on phishing expedition, OCR warns

By Anthony H. Nguyen, J.D.

Entities receiving an email on HHS Departmental letterhead under the signature of the HHS Office for Civil Rights (OCR) Director Jocelyn Samuels were alerted that the letter could possibly be part of a phishing expedition to breach data systems. The email appears to be an official government communication and targets employees of HIPAA covered entities and their business associates (BA). BAs should be especially careful as the OCR has begun to notify select BAs of their inclusion in the Phase 2 HIPAA audits.

The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program. The link directs individuals to a non-governmental website marketing a firm’s cybersecurity services. This firm is not associated with the OCR.

The OCR stated that the phishing email originates from the email address OSOCRAudit@hhs-gov.us and directs individuals to a URL at http://www.hhs-gov.us. This is a subtle difference from the official email address for our HIPAA audit program, OSOCRAudit@hhs.gov. Subtle changes are typical in phishing scams and can lead to additional data breaches. For instance, the Ponemon Institute’s Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data found that health care organizations’ and their business associates’ total data breach costs were approximately $6 billion (see We need a bigger boat: Whaling, the latest threat to cybersecurity, April 28, 2016.).

MainStory: TopStory GeneralNews HIPAANews ComplianceNews HITNews CyberPrivacyFeed

Back to Top

Health Law Daily

Introducing Wolters Kluwer Health Law Daily — a daily reporting service created by attorneys, for attorneys — providing same-day coverage of breaking news, court decisions, legislation, and regulatory activity.


A complete daily report of the news that affects your world

  • View full summaries of federal and state court decisions.
  • Access full text of legislative and regulatory developments.
  • Customize your daily email by topic and/or jurisdiction.
  • Search archives for stories of interest.

Not just news — the right news

  • Get expert analysis written by subject matter specialists—created by attorneys for attorneys.
  • Track law firms and organizations in the headlines with our new “Who’s in the News” feature.
  • Promote your firm with our new reprint policy.

24/7 access for a 24/7 world

  • Forward information with special copyright permissions, encouraging collaboration between counsel and colleagues.
  • Save time with mobile apps for your BlackBerry, iPhone, iPad, Android, or Kindle.
  • Access all links from any mobile device without being prompted for user name and password.