The Office for Civil Rights at the U.S. Department of Health and Human Services has released a warning of fraudulent postcards targeting healthcare organizations. 

In a technology based world, we are use to being hypervigilant about compromised mail coming through our email inbox. However this paper version scam is just as concerning.

Appearing as a form of communication from the OCR, these fraudulent postcards are gaining attention of healthcare organizations by claiming to be a notice of a mandatory HIPAA compliance risk assessment.

The fraudulent postcards include a URL to visit, encouraging immediate action. The link is a non-governmental website and has no affiliation with the OCR.

In order to protect yourself, your business and sensitive information, The IT Company joins the OCR in highly encouraging individuals to verify the legitimacy of any communication appearing to come from the OCR, before taking action.

Any valid email communication from the OCR will come from an address ending in @hhs.gov. To confirm if a physical address is valid, visit OCR’s website to view their HQ and Regional Office addresses. Stay alert and be cautious of this potential scam. 

Alongside the OCR's announcement, the National Institutes of Health also released a report of fraudulent postcards, including an example of what they may look like. 

Our objective in sharing this warning with you is to help aid your business in best security practices and awareness. If you have any questions or concerns, contact us at The IT Company.