Ironically, the U.S. Department of Health and Human Services’ Office of Civil Rights (OCR) was targeted. This week OCR notified the healthcare industry via listserv, that a phishing email was unlawfully used to communicate with covered entities and business associates. From the OCR listserv today, November 30, 2016: “Covered entities and business associates should alert their employees of this issue and take note that official communications regarding the HIPAA audit program are sent to selected auditees from the email address OSOCRAudit@hhs.gov” and not the slightly different, OSOCRAudit@hhs-gov.us. This is potentially believable because OCR is launching Phase 2 HIPAA audits of business associates now and communicating with email. Clever timing by cyberattackers.
Reduce your risks by understanding the basics. Workforce training, contingency plans and risk analysis can save you time and money if your practice is hit. Take control and implement defenses against cyberattacks with easy step by step guidance contained in The HIPAA E-Tool. Prepare for a potential audit at the same time.