
HHS Advises on Fraudulent Postcard Disguised as Official OCR Communication 

by Jennifer Mitchell, Jared Bruce

Published: May, 2021

Submission: May, 2021

 



On April 26, 2021, the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) announced on its OCR Security List Digest that OCR had been made aware of misleading postcards being sent to health care organizations. The postcards inform recipients that they must participate in a “Required Security Risk Assessment” and direct them to send their risk assessment to www.hsaudit.org, a non-governmental website marketing a consulting service. The postcard notification does not come from OCR or HHS.


OCR has recommended that HIPAA-covered entities and business associates alert their workforce members to this misleading communication. According to OCR, covered entities and business associates can verify that a communication is from OCR by looking for the OCR address or email address, which will end in @hhs.gov. They can also ask for a confirming email from the OCR investigator’s hhs.gov email address. The addresses for OCR’s HQ and regional offices are available on the OCR website.


This is a good reminder to all HIPAA-covered entities and business associates to be on the lookout for phishing schemes. Typically, a bad actor engaging in a phishing scheme will attempt to dupe a potential victim by posing as a trusted party, such as a government agency or a personal contact. If you ever suspect that a communication is part of a phishing scheme, verify that the email addresses really belong to the entities they purport to represent, as suggested by OCR above.


If you have any questions regarding this bulletin distributed by HHS-OCR, or other health care cybersecurity concerns, please contact your Dinsmore health care attorney.


 




    Disclaimer

WSG's members are independent firms and are not affiliated in the joint practice of professional services. Each member exercises its own individual judgments on all client matters.

© World Services Group, 2021