HHS Alert: Phishing Email Disguised as Official HIPAA Audit Communication

Email Targets Employees of HIPAA Covered Entities & Their Business Associates

The U.S. Department of Health and Human Services (HHS) has become aware of a phishing email that is being circulated on mock HHS Departmental letterhead under the signature of the Office of Civil Rights’ Director, Jocelyn Samuels.

The email appears to be an official government communication, and targets employees of HIPAA covered entities and their business associates. The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program. The link then directs individuals to a non-governmental website marketing a firm’s cybersecurity services—in no way is this firm associated with HHS or the Office for Civil Rights.

Employers with questions as to whether they have received an official communication from HHS regarding a HIPAA audit are advised to contact HHS via email at [email protected].