Skip to main content

Watch Out For Emails Asking To Do A HIPAA Audit

By December 27, 2016May 11th, 2022Blog, Cybersecurity

There’s a new phishing email making the rounds that your firm needs to be aware of if you deal with protected health information (PHI) in any way and are subject to HIPAA rules and regulations.

The email is quite good, appearing for all intents and purposes to be an official communication from the Department of Health and Human Services, signed by its Directory, Joycelyn Samuels.

There’s a surprising twist to this story, though. The email was not sent by hackers, but by a private company.

The text of the email indicates that the recipient has (possibly) been included in a HIPAA privacy, security and breach notification audit program currently underway by the OCR. In other words, it looks legitimate, and sounds just dire enough to prompt a click.

If you click the link contained in the email, however, rather than being taken to a government website, you’re taken to a company website, where you’re prompted to do business with them to ensure your compliance with all applicable HIPAA regulations.
It’s an underhanded tactic, taken right out of the hackers’ playbook, and the Department of Health and Human Services is not amused.

Director Samuels has released a formal statement, saying that the matter is currently under investigation, and because of that, has declined to name the company responsible for sending out the emails. She stressed that any official communication from her department regarding audits would be sent from If you don’t see that email address, it’s not an official communication.

Navigating the maze of HIPAA rules and regulations can be difficult enough without companies resorting to hacker tactics to try to get your business.

If you have any questions or concerns about your company’s compliance, we’d be happy to assist. Give us a call and a member of our knowledgeable team will work with you to access your current compliance status, and create a strategy that will ensure you don’t run afoul of Director Samuels or her department.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.