The FBI issued a warning on June 27, 2025, that criminals impersonating healthcare insurers and fraud investigators are sending text messages and emails to healthcare providers and patients to trick them, under false pretenses, into disclosing protected health information (PHI), medical records, or personal financial information, or into reimbursing alleged overpayments. The FBI warns that these messages are disguised as authentic communications from known authorities. This fraudulent criminal practice is otherwise known as “phishing.”
This warning follows a similar alert last week from the Centers for Medicare and Medicaid Services (CMS) that described a fraud scheme targeting Medicare providers and suppliers. According to CMS, the bad actors are impersonating CMS and sending phishing fax requests for medical records and documentation as part of an alleged Medicare audit. CMS says that it does not provide notice of an audit or request records via fax.
The FBI advises that healthcare providers and patients take these steps to protect themselves from this current wave of phishing:
- Be on high alert when receiving unexpected communications requesting PHI or other personal information;
- Do not click on links embedded in unexpected or otherwise suspicious emails;
- Make sure all of your passwords are strong and use Multi-Factor Authentication whenever possible;
- Make sure operating system and antivirus software are updated on all devices; and
- Always verify emails or text messages appearing to be from insurance providers or investigators by directly contacting them (i.e., do not just reply to the suspicious message you received) before giving them any PHI or other personal information.
The FBI further encourages providers or patients who believe they may have been a victim of this type of fraud to contact its Internet Crime Complaint Center (IC3). CMS advises that Medicare providers and suppliers who receive suspicious requests purporting to be from the agency should contact their Medical Review Contractor to ascertain the validity of the request.