HIPAA-compliance postcards a scam, Office for Civil Rights warns

The Office for Civil Rights alerted healthcare organizations to be on the lookout for a new fraud attempt using postcards to gather sensitive information, according to The National Law Review.

Four things to know:

1. The office said healthcare organizations are receiving postcards with information about a mandatory HIPAA compliance risk assessment. The postcards appear to be sent from the Office for Civil Rights, but they are fraudulent.

2. The postcards claim to be from the secretary of compliance in the HIPAA compliance division of the Office for Civil Rights, which does not exist.

3. Typically, the postcards are sent to the healthcare organization's HIPAA privacy and security officers and direct those individuals to a website link for more information about a risk assessment. The postcards also provide a number to call and email address to contact.

4. The website provided for the HIPAA requirements is not a governmental website.

More articles on cybersecurity:
Arkansas medical center fires nurse for inappropriately accessing 772 patients' medical records
Nearly 34,000 patients' info exposed after email hack at U of Maryland Medical Center faculty practice plan
San Antonio hospital accidentally posts information of 1,200 patients online: 4 details

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.