If you are a small to medium-sized organization, please be aware that as recently as December of 2016, evidence has surfaced of a new phishing email. It is a fake email asking for a HIPAA audit due to a supposed privacy and security breach of protected health information (PHI) in your establishment. The email looks like an official email from the Department of Health and Human Services (HHS), even to the extent that it uses the signature of Jocelyn Samuels, the director of HHS. If you receive such an email, don’t fall for it.
Although phishing scams are typically performed by an individual or group of hackers, an actual company distributed this phishing email. This particular company decided to promote its own business by way of a scam.
If the recipient clicks a link inside the email, they are taken to the sending company's site, which then presents information on how to make sure your organization is in compliance with HIPAA regulations. It is disconcerting, to say the least, that a company that on some level must want to maintain legitimacy would stoop to such an act.
The Department of Health and Human Services is already investigating this company and therefore is unable to release its name. It has also stated that any communication about a HIPAA audit from HHS is actually sent from OSOCRAudit@hhs.gov.
If you receive anything that looks like an official email from HHS, be sure to check where the email originated before you click on any links within it.
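The sender check described above can be automated in mail triage. This is an added example, not part of the original article: the sample messages and `.example` domains are constructed, the finding names are hypothetical, and it assumes the receiving mail server writes a trustworthy `Authentication-Results` header and that genuine hhs.gov mail passes DMARC.

```python
from email import message_from_string
from email.utils import parseaddr

OFFICIAL_SENDER = "osocraudit@hhs.gov"  # address given in the article, lowercased


def sender_findings(raw_message):
    """Return reasons to distrust a claimed HHS audit email ([] = checks passed)."""
    msg = message_from_string(raw_message)
    findings = []

    # The display name is free text; only the address part identifies the sender.
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    if addr != OFFICIAL_SENDER:
        findings.append("from-address-mismatch")
        if "hhs" in display.lower() or "hhs" in addr:
            findings.append("hhs-lookalike")

    # A Reply-To outside hhs.gov diverts answers away from the claimed sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and not reply_to.lower().endswith("@hhs.gov"):
        findings.append("reply-to-outside-hhs")

    # From can be forged, so also require a DMARC pass for exactly hhs.gov.
    # Whole-token match: "header.from=hhs.gov.evil.example" must not count.
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    tokens = auth.replace(";", " ").split()
    if not ("dmarc=pass" in tokens and "header.from=hhs.gov" in tokens):
        findings.append("dmarc-not-passed-for-hhs.gov")
    return findings


# Constructed sample messages (not taken from the real campaign).
LOOKALIKE = (
    'From: "OSOCRAudit@hhs.gov" <audit@hhs-compliance.example>\n'
    "Reply-To: audit@hhs-compliance.example\n"
    "Authentication-Results: mx.clinic.example; dmarc=pass "
    "header.from=hhs-compliance.example\n"
    "Subject: HIPAA audit notice\n\nPlease review the attached notice.\n"
)
FORGED = (
    "From: OSOCRAudit@hhs.gov\n"
    "Authentication-Results: mx.clinic.example; dmarc=fail header.from=hhs.gov\n"
    "Subject: HIPAA audit notice\n\nPlease review the attached notice.\n"
)
if __name__ == "__main__":
    for name, raw in (("lookalike", LOOKALIKE), ("forged", FORGED)):
        print(name, sender_findings(raw))
```

The lookalike sample shows why reading only the display name is not enough: it contains the official address as text while the real address sits in the angle brackets.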
If you have questions or concerns about this particular phishing scam, please contact us for more information.