Beware of Fraudsters Posing as Government Investigators to Obtain Protected Health Information

April 8, 2020
Cyber Alert

Download a PDF of the Alert

Risk Management Question

What precautions can law firms, along with their lawyers and staff, take when they receive an unexpected request for protected health information (PHI) from someone claiming to be a representative of the Office of Civil Rights (OCR) or the Centers for Disease Control and Prevention (CDC)?

The Issue

The U.S. Department of Health and Human Services (HHS) and the Federal Bureau of Investigation (FBI) have warned about scammers posing as representatives from the OCR or CDC. The phony OCR Investigator may contact HIPAA-covered entities or their business associates to access PHI. The fake CDC representative may claim to have special information about COVID-19. These fraudsters prey on community fears and use threats of enforcement and fines to convince the unsuspecting individual to immediately provide the PHI of others.

Risk Management Solutions

Law firms and clients who maintain PHI should alert their employees about these scams and advise them to take the following actions:

Additional tips from the FBI:

Always think before you click or answer the phone. Remember, let's be careful out there.