October 2, 2024
HIPAA & Increased Trend in Record Request Scams – Don’t Fall for Fax Scams
Healthcare fraud takes many forms and in the world of cybercrime, health records are big business! A lot of information is contained in that record, such as demographics, social security numbers, Medicare/Medicaid numbers, and even financial information.
Cybercriminals will primarily use medical records to impersonate the victim to receive medical services, benefits, and medications. These types of records are more lucrative for criminals than other types of data, like credit card numbers. According to Experian, a single patient record can sell for up to $1,000 on the black market.
Medical record phishing scams are a type of cyber-attack that aims to trick people into giving away sensitive information, such as patient records, login credentials, or financial details. The Centers for Medicare & Medicaid Services (CMS) has warned physicians to be aware of these scams.
CMS identified phishing scams for medical records, according to an item in the June 20, 2024 MLN Connects newsletter. This may include scammers faxing your office fraudulent medical records requests to get you to send patient records in response and using the CMS logo in their request. When you review any requests, look for signs of a scam, including:
- Directing you to send records to an unfamiliar fax number or address
- Referencing Medicare.gov or @Medicare (.gov)
- Indicating they need records to “update insurance accordingly”
- Poor grammar, misspellings, or strange wording
- Incorrect phone numbers
- Skewed or outdated logos
- Graphics that are cut and pasted
When responding to a CMS request for records, CMS recommends using the esMD for Medicare Providers and Suppliers, which eliminates the need to mail or fax paper documents.
Related Articles
Digital danger: a review of the global public health, patient safety and cybersecurity threats posed by illicit online pharmacies.