CMS warns of phishing fax scheme; AHA monitoring other reported social engineering schemes 

Jun 26, 2025 - 04:04 PM
Cybersecurity image of a digital lock

The Centers for Medicare & Medicaid Services today announced it has identified a fraud scheme targeting Medicare providers and suppliers. CMS said scammers are impersonating the agency, sending phishing fax requests for medical records and other documentation while falsely claiming to be part of a Medicare audit. CMS said it does not initiate audits by requesting medical records via fax. The agency advised against responding if someone suspects they received a suspicious request and to work with their medical review contractor to confirm the validity of the request. 
 
“In typical fashion, scammers are taking advantage of the latest headlines to steal funds and information from individuals and organizations,” said John Riggi, AHA national advisor for cybersecurity and risk.  
 
In addition to the fax scam, Riggi said the AHA continues to receive reports of increased social engineering schemes targeting hospital IT, human resources, vendor and patient portal help desks. “These schemes may involve a combination of phone, text and synthetic audio and video,” Riggi said. “Organizations should ensure strict multifactor authentication protocols are in place, train help desk staff on these schemes and enhance help desk challenge questions. If your organization becomes a victim of a social engineering scheme, report the incident to the FBI Internet Crime Complaint Center at www.ic3.gov.

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity

Related News Articles

Headline
AHA, FBI release resource on behavioral threat assessment and management
The AHA Feb. 9 released a series of behavioral threat assessment and management resources developed in partnership with the FBI’s Behavioral Analysis Unit-1.…
Headline
AHA podcast: The FBI’s Campaign Against Cyberthreats Part 1
John Riggi, AHA national advisor for cybersecurity and risk, talks with Brett Leatherman, FBI assistant director, Cyber Division, and Gretchen Burrier, FBI…
Perspective
Providing Solutions to Address Challenges with MA Plans
Public
More than 34.1 million Americans were enrolled in a Medicare Advantage plan in 2025, accounting for 54% of all Medicare beneficiaries. We have seen enrollment…
Headline
Open-source text program Notepad++ impacted by critical vulnerability
The National Institute of Standards and Technology Feb. 2 published details on a critical vulnerability that impacted Notepad++, a free, open-source text and…
Headline
FBI launches campaign to protect hospitals, other critical infrastructure against cyberattacks
The FBI has launched a two-month campaign, Operation Winter SHIELD (Securing Homeland Infrastructure by Enhancing Layered Defense), highlighting 10 actions…
Headline
Analysis: MA insurers made 53 million prior authorization determinations in 2024
A KFF analysis released Jan. 28 found that Medicare Advantage insurers made nearly 53 million prior authorization determinations in 2024, an increase…