Fraud Management & Cybercrime,
Healthcare,
Industry Specific
Recent Alerts Follow Multiple Attacks on Insurers
Federal authorities in the U.S. have issued a warning to both consumers and healthcare organizations regarding a wave of email and fax phishing scams. Fraudsters are attempting to steal sensitive personal details through communications that appear legitimate, particularly in the wake of recent cyberattacks on several large insurance companies.
In a joint alert released on June 27, the FBI and its Internet Crime Complaint Center cautioned the public about scammers impersonating credible health insurance providers and their investigative teams. These malicious actors have been sending purportedly legitimate emails and text messages to patients and healthcare providers.
The fraudulent communications aim to pressure recipients into revealing protected health information, medical records, or personal financial details. The FBI emphasized that such schemes are often positioned to extract reimbursements for alleged service overpayments or for services not covered by insurance policies.
The Centers for Medicare and Medicaid Services (CMS) also voiced concerns regarding a specific fraud scheme targeting Medicare providers. CMS reported that scammers have been impersonating its officials, dispatching phishing fax requests for medical records under the pretense of initiating a Medicare audit. They reiterated that legitimate audits would never be initiated via fax requests for documentation.
Recent government warnings coincide with multiple cyberattacks on major U.S. insurance entities, including Aflac, Erie Insurance, and Philadelphia Insurance Companies. Public disclosures from these companies have indicated that, although their systems did not sustain ransomware encryption, they are evaluating whether any data may have been compromised. The incidents disrupted various operational processes as IT systems were taken offline during the response efforts.
Cybersecurity experts suspect a gang known as Scattered Spider as potentially responsible for these attacks, utilizing tactics from the MITRE ATT&CK framework such as initial access and persistence techniques to infiltrate and exploit vulnerabilities within the affected organizations.
Authorities remind healthcare organizations to remain vigilant and to disregard any suspicious communications requesting sensitive information. They advise collaborations with Medical Review Contractors to verify the authenticity of any questionable requests.
