https://www.healthcareitnews.com/news/ocr-warns-hospitals-apparent-hipaa-compliance-scams
By Mike Miliard
Healthcare IT News
August 11, 2020
The Office for Civil Rights at the U.S. Department of Health and Human
Services has warned health systems about what appears to be something of
an old-fashioned and low-tech phishing attempt: fraudulent postcards, most
addressed to hospital privacy officers, that warn of noncompliance with a
mandatory risk assessment.
According to a report in the National Law Review, OCR on August 9 sent a
listserv alert that it had become "aware of postcards being sent to health
care organizations disguised as official OCR communications, claiming to
be notices of a mandatory HIPAA compliance risk assessment."
The American Hospital Association, meanwhile, notes that the cards,
addressed to "HIPAA Compliance Officer," purport to be from someone with a
nonexistent title at HHS ("Secretary of Compliance, HIPAA Compliance
Division") and bear a D.C. return address that doesn't belong to HHS.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
Follow InfoSec News on Twitter
https://twitter.com/infosecnews_
Follow InfoSec News on LinkedIn
https://www.linkedin.com/company/infosecnews/
