OCR sent out an email stating that employees of HIPAA covered entities and their business associates should know of an alleged phishing scam which uses Department of Health and Human Services (HHS) letterhead. As per the reports, the email is using a mock HHS department letterhead and OCR Director Jocelyn Samuels’ signature. Efforts are made by the scammers to make phishing emails look like official OCR Audit communication.
“The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program,” OCR warned. “The link directs individuals to a non-governmental website marketing a firm’s cybersecurity services.”
OCR also mentioned that the entity sending the email is not associated with the agency or with HHS.
“We take the unauthorized use of this material by this firm very seriously,” the email read. “In the event that you or your organization has a question as to whether it has received an official communication from our agency regarding a HIPAA audit, please contact us.”
Phishing scams involves emails, messages, phone calls, websites to obtain sensitive information such as usernames, passwords, and credit card details. It is done mostly posing as trustworthy entity.
Recent Wombat survey on phishing as below assessment :
Thirteen percent of respondents from healthcare industry clicked on simulated phishing emails
In Manufacturing and energy sector, nine percent clicked on simulated phishing emails
Clearly, phishing is a focus area across the industry, but the efforts can’t stop there,” Wombat President and CEO Joe Ferrara said in a statement. “To reduce cyber risk in organizations, security education programs must teach and assess end users across many topic areas, like oversharing on social media and proper data handling. Many of these risky behaviors exacerbate the phishing problem.”
Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.