"It has come to our attention that a phishing email is being circulated on mock Health and Human Services Departmental letterhead under the signature of OCR's director, Jocelyn Samuels," said OCR in the alert. "This email appears to be an official government communication, and targets employees of HIPAA-covered entities and their business associates.
"The email prompts recipients to click a link regarding possible inclusion in the Health Insurance Portability and Accountability Act Privacy, Security, and Breach Rules Audit Program," the alert continued. "The link directs individuals to a non-governmental website marketing a firm's cybersecurity services. In no way is this firm associated with the U.S. Department of Health and Human Services or the Office for Civil Rights."
OCR urged organizations or individuals with questions about official agency communications regarding HIPAA audits to contact the office via email at OSOCRAudit@hhs.gov.
For more information about phishing scams, the Federal Trade Commission website has a resources page here and also has a page with tips for consumers.
The ADA Center for Professional Success also has tips to help ADA member dentists safeguard their practice from hackers.