CyberSecurity Hits Home at the Department of Health and Human Services

Ironically, the U.S. Department of Health and Human Services’ Office of Civil Rights (OCR) was targeted. This week OCR notified the healthcare industry via listserv, that a phishing email was unlawfully used to communicate with covered entities and business associates. From the OCR listserv today, November 30, 2016: “Covered entities and business associates should alert their employees of this issue and take note that official communications regarding the HIPAA audit program are sent to selected auditees from the email address OSOCRAudit@hhs.gov” and not the slightly different, OSOCRAudit@hhs-gov.us.  This is potentially believable because OCR is launching Phase 2 HIPAA audits of business associates now and communicating with email. Clever timing by cyberattackers.

Reduce your risks by understanding the basics. Workforce training, contingency plans and risk analysis can save you time and money if your practice is hit. Take control and implement defenses against cyberattacks with easy step by step guidance contained in The HIPAA E-Tool. Prepare for a potential audit at the same time. 

Share This Post

Maggie Hales

Maggie Hales is a lawyer focusing on health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up to date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2023 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC

Terms of Use | Privacy Policy | Cookies Policy | Privacy Settings | HTML/XML Sitemap

Mailing Address
The HIPAA E-Tool
PO Box 179104
St. Louis, MO 63117-9104

Office
8820 Ladue Road Suite 200
St. Louis, MO 63124

Powered by JEMSU