CMS warns of phishing fax scheme; AHA monitoring other reported social engineering schemes 

Jun 26, 2025 - 04:04 PM
Cybersecurity image of a digital lock

The Centers for Medicare & Medicaid Services today announced it has identified a fraud scheme targeting Medicare providers and suppliers. CMS said scammers are impersonating the agency, sending phishing fax requests for medical records and other documentation while falsely claiming to be part of a Medicare audit. CMS said it does not initiate audits by requesting medical records via fax. The agency advised against responding if someone suspects they received a suspicious request and to work with their medical review contractor to confirm the validity of the request. 
 
“In typical fashion, scammers are taking advantage of the latest headlines to steal funds and information from individuals and organizations,” said John Riggi, AHA national advisor for cybersecurity and risk.  
 
In addition to the fax scam, Riggi said the AHA continues to receive reports of increased social engineering schemes targeting hospital IT, human resources, vendor and patient portal help desks. “These schemes may involve a combination of phone, text and synthetic audio and video,” Riggi said. “Organizations should ensure strict multifactor authentication protocols are in place, train help desk staff on these schemes and enhance help desk challenge questions. If your organization becomes a victim of a social engineering scheme, report the incident to the FBI Internet Crime Complaint Center at www.ic3.gov.

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity

Related News Articles

Perspective
Strengthening Medicare Advantage to Better Serve Today’s Seniors
Public
Approximately 35 million Americans are enrolled in Medicare Advantage plans in 2026, and that number is expected to grow to about 45 million MA enrollees by…
Headline
CMS releases details to download upcoming CAH payment patterns report
The Centers for Medicare & Medicaid Services has released details on downloading its upcoming fiscal year 2025 Program for Evaluating Payment Patterns…
Headline
HHS launches competition to support community care hubs working with health care providers 
The Department of Health and Human Services Administration for Community Living has launched the first phase of its Health at Home Challenge, a competition to…
Headline
AHA pushes back on Families USA report
The AHA shared the following statement with the media in response to a report released May 7 by Families USA.   “This report is long on rhetoric and…
Headline
Microsoft warns of sophisticated phishing campaign heavily targeting health care organizations
Microsoft Threat Intelligence is warning of a large scale, multistage phishing campaign that disproportionately targeted the health care sector, sending “code…
Headline
AHA expresses support for comprehensive bill on Medicare Advantage reform
The AHA May 7 wrote to House and Senate lawmakers in support of the Medicare Advantage Improvement Act (H.R. 8375/S. 4384), bipartisan and bicameral…