The Federal Bureau of Investigation has warned Americans of cybercriminals impersonating health fraud investigators to steal sensitive information through emails and text messages designed to pressure victims into disclosing protected health information.
The FBI issued a public service announcement warning that scammers are posing as legitimate health insurers and their investigative team members. These criminals send emails and text messages to patients and healthcare providers, disguising communications as legitimate messages from trusted healthcare authorities. The messages pressure victims into disclosing protected health information, medical records, personal financial details, or providing reimbursements for alleged service overpayments or non-covered services. The FBI provided several protection tips, including being cautious of unsolicited communications requesting personal information, never clicking links in suspicious messages, using strong passwords, enabling Multi-Factor Authentication, and contacting health insurance providers directly to verify message legitimacy.
In March, the Federal Trade Commission reported that Americans lost $2.95 billion to imposter scams in 2024, with more than 845,000 reports filed throughout the year and a median loss of $800 for one in five victims. One month later, the FBI revealed that cybercriminals had stolen a record $16.6 billion in 2024, marking a 33.3% increase in losses compared to the previous year. The Department of Health and Human Services warned in April 2024 that cybercriminals are targeting Healthcare and Public Health sector organizations using social engineering tactics targeting IT help desks to breach systems and redirect bank transactions in business email compromise attacks.
"These criminals are sending emails and text messages to patients and health care providers, disguising them as legitimate communications from trusted health care authorities," the FBI said. "The messages are designed to pressure victims into disclosing protected health information, medical records, personal financial details, or providing reimbursements for alleged service overpayments or non-covered services."
According to the Federal Trade Commission:
According to the FBI:
This FBI warning shows a change in healthcare fraud where criminals specifically target the trust patients place in their healthcare providers and insurers. Unlike generic phishing attempts, these scammers exploit the healthcare relationship by impersonating fraud investigators—the very people patients would expect to protect them from fraud. This creates a threat because victims may be more likely to comply with requests that appear to come from legitimate healthcare fraud prevention efforts.
Scammers often obtain personal contact details through prior data breaches, public records, or dark web marketplaces.
They could face federal charges including wire fraud, identity theft, and HIPAA violations, carrying penalties of imprisonment and heavy fines.
Victims should immediately report the incident to the FBI’s Internet Crime Complaint Center (IC3) and their health insurance provider.