Phishing Email Alert Issued by Department of Health and Human Services’ Office for Civil Rights

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced yesterday that a phishing email is being circulated on mock HHS Departmental letterhead under the signature of OCR’s Director, Jocelyn Samuels.

This email appears to be an official government communication, and targets employees of HIPAA covered entities and their business associates. The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program. The link directs individuals to a non-governmental website marketing a firm’s cybersecurity services. In no way is this firm associated with the U.S. Department of Health and Human Services or the Office for Civil Rights.

OCR takes this unauthorized use of their material very seriously. If you have a question whether you have received an official communication from OCR regarding a HIPAA audit, please contact them via email at

About Gerti Garner

Gerti Garner has over 25 years of experience in employee benefits. She has experience evaluating benefit operations and claim administration services, medical, dental and disability claim audits, monitoring claim experience, setting self-funded budgets, conducting self-funding feasibility studies, health benefits strategic planning, competitive bidding and organizational projects. Trained as a CPA, she has held financial positions in an HMO and two hospitals.

Subscribe to the Bolton Blog