In a notice last week, the association said HIPAA-covered entities should notify their staff. All OCR investigators have email addresses end with @hhs.gov. If staff receive a phony email, they should ask for a confirming email from the hhs.gov email account.
The OCR has halted many investigations. In March, President Donald Trump announced that his administration would not be enforcing HIPAA penalties.
More articles on cybersecurity:
State-by-state breakdown of ransomware attacks on healthcare providers
5 recent data breaches caused by human error
Indiana hospital alerts 2,600 patients of human error data breach
