Cybercriminals steal health data posing as fraud investigators

The Federal Bureau of Investigation (FBI) has warned Americans of cybercriminals impersonating health fraud investigators to steal their sensitive information.

As the federal law enforcement agency cautioned in a Friday public service announcement, scammers posing as “legitimate health insurers and their investigative team members” are emailing or messaging potential victims to pressure them into providing personal or health data that can later be used for fraudulent purposes.

“These criminals are sending emails and text messages to patients and health care providers, disguising them as legitimate communications from trusted health care authorities,” the FBI said.

“The messages are designed to pressure victims into disclosing protected health information, medical records, personal financial details, or providing reimbursements for alleged service overpayments or non-covered services.”

The FBI also shared several tips to help protect against fraudulent attempts, advising Americans to be cautious of unsolicited emails, texts, and calls that request personal information and never to click on links contained in such suspicious messages.

Additionally, it recommends using strong passwords and enabling Multi-Factor Authentication for all accounts. Before sharing any personal or healthcare information, individuals should also contact their health insurance provider directly to verify the legitimacy of any messages they receive.

In March, the Federal Trade Commission (FTC) reported that Americans lost a staggering $2.95 billion to imposter scams in 2024. Imposter scams were the most frequently reported type of scam, with more than 845,000 reports filed throughout the year, resulting in a median loss of $800 for one in five victims.

One month later, the FBI revealed that cybercriminals had stolen a record $16.6 billion in 2024, marking a 33.3% increase in losses compared to the previous year.

As the Department of Health and Human Services (HHS) warned in April 2024, cybercriminals are also targeting organizations in the Healthcare and Public Health (HPH) sector using social engineering tactics targeting their IT help desks, breach their systems, and redirect bank transactions in business email compromise (BEC) attacks.

Patching used to mean complex scripts, long hours, and endless fire drills. Not anymore.

In this new guide, Tines breaks down how modern IT orgs are leveling up with automation. Patch faster, reduce overhead, and focus on strategic work — no complex scripts required.

Get the free guide