Alert: Phishing Email Disguised as Official OCR Audit Communication

I received an interesting alert from OCR yesterday about a phishing scheme using their letterhead:

November 28, 2016

It has come to our attention that a phishing email is being circulated on mock HHS Departmental letterhead under the signature of OCR’s Director, Jocelyn Samuels. This email appears to be an official government communication, and targets employees of HIPAA covered entities and their business associates.

The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program. The link directs individuals to a non-governmental website marketing a firm’s cybersecurity services.

In no way is this firm associated with the U.S. Department of Health and Human Services or the Office for Civil Rights. We take the unauthorized use of this material by this firm very seriously. In the event that you or your organization has a question as to whether it has received an official communication from our agency regarding a HIPAA audit, please contact us via email at [email protected].

Texas Enacts Electronic Health Record Data Localization Law July 17, 2025
United Australia Party confirms ransomware attack, personal data and email correspondence exposed July 17, 2025
Armenian National Extradited to the United States Faces Federal Charges for Ransomware Extortion Conspiracy July 16, 2025
70% of healthcare cyberattacks result in delayed patient care, report finds July 16, 2025
Police disrupt “Diskstation” ransomware gang attacking NAS devices July 16, 2025

Related: