CMS warns of phishing fax scheme; AHA monitoring other reported social engineering schemes 

Jun 26, 2025 - 04:04 PM
Cybersecurity image of a digital lock

The Centers for Medicare & Medicaid Services today announced it has identified a fraud scheme targeting Medicare providers and suppliers. CMS said scammers are impersonating the agency, sending phishing fax requests for medical records and other documentation while falsely claiming to be part of a Medicare audit. CMS said it does not initiate audits by requesting medical records via fax. The agency advised against responding if someone suspects they received a suspicious request and to work with their medical review contractor to confirm the validity of the request. 
 
“In typical fashion, scammers are taking advantage of the latest headlines to steal funds and information from individuals and organizations,” said John Riggi, AHA national advisor for cybersecurity and risk.  
 
In addition to the fax scam, Riggi said the AHA continues to receive reports of increased social engineering schemes targeting hospital IT, human resources, vendor and patient portal help desks. “These schemes may involve a combination of phone, text and synthetic audio and video,” Riggi said. “Organizations should ensure strict multifactor authentication protocols are in place, train help desk staff on these schemes and enhance help desk challenge questions. If your organization becomes a victim of a social engineering scheme, report the incident to the FBI Internet Crime Complaint Center at www.ic3.gov.

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity

Related News Articles

Blog
Setting the Record Straight: Separating Fact from Fiction on Health Insurance Marketplace Fraud
Public
The Paragon Health Institute has published a series of new reports once again alleging large-scale “fraud” in health care. This time their target is enrollment…
Headline
FBI warns Russian cybercriminals attacking devices using Cisco software with unpatched vulnerability
The FBI Aug. 20 released an advisory warning of malicious activity by Russian cyber actors targeting end-of-life devices running an unpatched vulnerability in…
Headline
HHS, CMS to form committee providing federal health program recommendations
The Department of Health and Human Services and the Centers for Medicare & Medicaid Services Aug. 21 announced the creation of a Healthcare Advisory…
Headline
Study shows Medicare Part D changes could lead to higher cost sharing for some beneficiaries
A JAMA study published Aug. 18 found that plan design changes by Medicare Part D insurers, particularly for Medicare Advantage plans, following passage of the…
Headline
Guidance offers steps to create, maintain operational technology asset inventory for protection
The Cybersecurity and Infrastructure Security Agency, Environmental Protection Agency, National Security Agency, FBI and international agencies Aug. 13…
Headline
DOJ announces disruption of BlackSuit ransomware group 
The Department of Justice Aug. 11 announced a series of actions taken against the BlackSuit ransomware group, also known as “Royal,” including the disruption…