Hackers using Direct Mail in HIPAA Scam

This week, the OCR released a security bulletin explaining that cyber criminals are targeting healthcare organizations via mail sent though the United States Postal Service. 

Physical postcards are being sent to potential victims requesting them to participate in a “Required Security Risk Assessment”. They are then directed to send their assessment to a fraudulent website that poses as the US Department of Health and Human Services (HHS). 

As we've seen in the past years, the sophistication of attacks continues to increase.  Please be aware of emerging tactics used by hackers. Inform your employees to remain vigilant of fraudulent emails, phone calls, SMS messages, and now, direct mail.