CMS warns of phishing fax scheme; AHA monitoring other reported social engineering schemes 

Jun 26, 2025 - 04:04 PM
Cybersecurity image of a digital lock

The Centers for Medicare & Medicaid Services today announced it has identified a fraud scheme targeting Medicare providers and suppliers. CMS said scammers are impersonating the agency, sending phishing fax requests for medical records and other documentation while falsely claiming to be part of a Medicare audit. CMS said it does not initiate audits by requesting medical records via fax. The agency advised against responding if someone suspects they received a suspicious request and to work with their medical review contractor to confirm the validity of the request. 
 
“In typical fashion, scammers are taking advantage of the latest headlines to steal funds and information from individuals and organizations,” said John Riggi, AHA national advisor for cybersecurity and risk.  
 
In addition to the fax scam, Riggi said the AHA continues to receive reports of increased social engineering schemes targeting hospital IT, human resources, vendor and patient portal help desks. “These schemes may involve a combination of phone, text and synthetic audio and video,” Riggi said. “Organizations should ensure strict multifactor authentication protocols are in place, train help desk staff on these schemes and enhance help desk challenge questions. If your organization becomes a victim of a social engineering scheme, report the incident to the FBI Internet Crime Complaint Center at www.ic3.gov.

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity

Related News Articles

Headline
NORC, Coalition report finds MA patients face longer hospital stays, reduced follow-up care access 
A report released June 17 by NORC at the University of Chicago, commissioned by the Coalition to Strengthen America’s Healthcare, found that patients enrolled…
Headline
CMS requests comments on MA service level data collection for initial determinations, appeals
The Centers for Medicare and Medicaid Services May 30 released a notice requesting comments on a proposed Medicare Advantage service level data collection…
Headline
AHA comments to CMS on FY 2026 IPPS proposal
The AHA commented to the Centers for Medicare & Medicaid Services June 10 on the fiscal year 2026 inpatient prospective payment system proposed rule (https…
Headline
Reduced FY 2026 LTCH payment updates ‘inadequate,’ AHA tells CMS
The AHA expressed concerns (LINK) to the Centers for Medicare & Medicaid Services today on payment updates for the fiscal year 2026 proposed rule for the…
Headline
AHA provides comments on TEAM proposed rule, asks CMS to make voluntary
The AHA commented on proposed changes to the Transforming Episode Accountability Model, a new, mandatory, episode-based payment model scheduled to begin Jan. 1…
Headline
AHA comments on IPF proposed rule for FY 2026
The AHA June 10 commented on the fiscal year 2026 inpatient psychiatric facility proposed rule, expressing support for several provisions such as increases in…