The Centers for Medicare & Medicaid Services today announced it has identified a fraud scheme targeting Medicare providers and suppliers. CMS said scammers are impersonating the agency, sending phishing fax requests for medical records and other documentation while falsely claiming to be part of a Medicare audit. CMS said it does not initiate audits by requesting medical records via fax. The agency advised against responding if someone suspects they received a suspicious request and to work with their medical review contractor to confirm the validity of the request. 
 
“In typical fashion, scammers are taking advantage of the latest headlines to steal funds and information from individuals and organizations,” said John Riggi, AHA national advisor for cybersecurity and risk.  
 
In addition to the fax scam, Riggi said the AHA continues to receive reports of increased social engineering schemes targeting hospital IT, human resources, vendor and patient portal help desks. “These schemes may involve a combination of phone, text and synthetic audio and video,” Riggi said. “Organizations should ensure strict multifactor authentication protocols are in place, train help desk staff on these schemes and enhance help desk challenge questions. If your organization becomes a victim of a social engineering scheme, report the incident to the FBI Internet Crime Complaint Center at www.ic3.gov.

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity

Headline
The Centers for Medicare & Medicaid Services has released an updated FAQ on Protecting Access to Medicare Act private payer data reporting. The deadline is…
Headline
The Cybersecurity and Infrastructure Security Agency has issued an alert warning of four Microsoft SharePoint vulnerabilities being exploited by cyber threat…
Headline
The Centers for Medicare & Medicaid Services July 16 released draft guidance for the 2028 cycle of negotiations under the Medicare Drug Price Negotiation…
Headline
The White House July 14 announced the establishment of Gold Eagle, a clearinghouse to enhance cybersecurity for critical infrastructure entities that will…
Headline
The Centers for Medicare & Medicaid Services, the Centers for Disease Control and Prevention, and the Department of Health and Human Services July 15…
Headline
The Cybersecurity and Infrastructure Security Agency and other U.S. and international agencies released a joint advisory July 13, warning of Russian cyber…