SCL Health has been notified of a phishing campaign posing as a communication from the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR). This email is being circulated on HHS letterhead and includes the signature of the OCR Director, Jocelyn Samuels. Although this appears to be an official government communication, it is really an attempt to commit fraud against Health Insurance Portability and Accountability Act (HIPAA) covered entities and business associates.
The fraudulent email prompts the recipient to click a link regarding the possible inclusion in the HIPAA Privacy, Security and Breach Rules Audit Program. The link redirects you to a non-governmental website marketing cybersecurity services. This phishing email is in no way associated with the U.S. Department of Health and Human Services or the Office for Civil Rights.
If you receive any email regarding the OCR Audit Program:
- Please do not click on links or provide any information.
- Forward the email directly to either Donna Moranville at firstname.lastname@example.org or Howard Haile at email@example.com.
- If we receive the email from you, we will determine whether it is a legitimate communication or a phishing attempt, and let you know how to proceed.
Thank you for your being diligent in helping protect our system.