
FBI: Cybercriminals steal health data posing as fraud investigators

The Federal Bureau of Investigation has warned Americans of cybercriminals impersonating health fraud investigators to steal sensitive information through emails and text messages designed to pressure victims into disclosing protected health information.

 

What happened

The FBI issued a public service announcement warning that scammers are posing as legitimate health insurers and members of their investigative teams. These criminals send emails and text messages to patients and healthcare providers, disguising them as legitimate communications from trusted healthcare authorities. The messages pressure victims into disclosing protected health information, medical records, or personal financial details, or into providing reimbursements for alleged service overpayments or non-covered services. The FBI provided several protection tips, including being cautious of unsolicited communications requesting personal information, never clicking links in suspicious messages, using strong passwords, enabling multi-factor authentication, and contacting health insurance providers directly to verify that a message is legitimate.

 

The backstory

In March, the Federal Trade Commission reported that Americans lost $2.95 billion to imposter scams in 2024, with more than 845,000 reports filed throughout the year and a median loss of $800 for one in five victims. One month later, the FBI revealed that cybercriminals had stolen a record $16.6 billion in 2024, marking a 33.3% increase in losses compared to the previous year. The Department of Health and Human Services warned in April 2024 that cybercriminals are targeting Healthcare and Public Health sector organizations with social engineering tactics aimed at IT help desks, in order to breach systems and redirect bank transactions in business email compromise attacks.

 

What was said

"These criminals are sending emails and text messages to patients and health care providers, disguising them as legitimate communications from trusted health care authorities," the FBI said. "The messages are designed to pressure victims into disclosing protected health information, medical records, personal financial details, or providing reimbursements for alleged service overpayments or non-covered services."

 

By the numbers

According to the Federal Trade Commission:

  • Americans lost $2.95 billion to imposter scams in 2024
  • More than 845,000 imposter scam reports were filed throughout the year
  • Median loss was $800 for one in five victims
  • Imposter scams were the most frequently reported type of scam

According to the FBI:

  • Cybercriminals stole a record $16.6 billion in 2024
  • This marked a 33.3% increase in losses compared to the previous year

Why it matters

This FBI warning points to a shift in healthcare fraud: criminals are specifically targeting the trust patients place in their healthcare providers and insurers. Unlike generic phishing attempts, these scammers exploit the healthcare relationship by impersonating fraud investigators, the very people patients would expect to protect them from fraud. Victims may therefore be more likely to comply with requests that appear to come from legitimate healthcare fraud prevention efforts.

 

FAQs

How do scammers gain access to patients' contact information in the first place?

Scammers often obtain personal contact details through prior data breaches, public records, or dark web marketplaces.

 

What legal consequences do these impersonators face if caught?

They could face federal charges including wire fraud, identity theft, and HIPAA violations, carrying penalties of imprisonment and heavy fines.

 

What steps should a victim take if they’ve already responded to a fraudulent message?

Victims should immediately report the incident to the FBI’s Internet Crime Complaint Center (IC3) and their health insurance provider.