Share this article on:
It has come to our attention that an individual not associated with HIPAA Journal has registered an email address using the HIPAA Journal brand name and is contacting physicians warning them about alleged HIPAA violations by a healthcare company.
The email address being used in this spoofing campaign is firstname.lastname@example.org
The subject lines of the emails reported so far are:
“HIPAA Violation Warning”
The image below is an example of one of the messages sent in this spoofing campaign:
Further emails allege several HIPAA violations have occurred at this healthcare company and the emails claim HIPAA Journal is actively investigating the violations and has obtained proof that HIPAA has been violated. This is not the case. No investigation has been launched and no evidence of any HIPAA violations has been obtained by HIPAA Journal.
The emails contain links to the website – www.hipaajournal.com – and others in an attempt to add credibility. This does not appear to be a phishing campaign, but an attempt to use the HIPAA Journal name to add credibility to allegations of HIPAA violations.
If you receive an email from email@example.com, please forward a copy to firstname.lastname@example.org and delete the message. Do not click any of the links embedded in the email and disregard the content.
We have taken steps to close the Google account associated with this email address (email@example.com) and will post further information as and when it becomes available.