FBI warns scammers are posing as fraud investigators to steal sensitive healthcare info — what you need to know
Both patients and health care providers are being targeted

Scammers are targeting both patients and health care providers in a new phishing attack designed to steal your sensitive personal and financial data, according to a new alert from the FBI.
As reported by BleepingComputer, the federal law enforcement agency recently put out a public service announcement warning that scammers and other cybercriminals are currently impersonating health insurance companies and their respective fraud investigators in an effort to steal customer data.
According to the FBI, the scammers behind this new campaign are sending out phishing emails and text messages with the hope that potential victims will disclose their “protected health information, medical records, personal financial details” or even provide “reimbursements for fake service overpayments or non-covered services.”
Brand impersonation is nothing new for cybercriminals, but by targeting patients directly, they might be able to trick some people into giving up the kind of information that can be used to commit fraud or even medical identity theft.
Given that providing sensitive healthcare information via email or text is a clear HIPPA violation in most cases, this is a major red flag that you’re not dealing with an actual health insurance company or even their fraud investigators.
Still, for the FBI to issue a public service announcement, this means that this isn’t the type of threat to take lightly and that some patients and even health care providers have fallen for this phishing attack.
How to stay safe from phishing
To help Americans avoid falling victim to this new phishing scam, the FBI has provided some guidance on the matter in its public service announcement.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
For starters, you should always be wary of unsolicited emails, text messages and calls asking for your personal information. Likewise, if you do come across one of these emails or messages, you shouldn't click on any links they contain as they could be malicious.
To keep your medical accounts safe from scammers and hackers, you want to use strong and unique passwords for all of them. You never want to reuse a password and if you have trouble coming up with complex passwords for your accounts or remembering them, you might want to consider using one of the best password managers instead.
Since phishing messages could contain malware or other viruses, you want to make sure that you’re using the best antivirus software on your Windows PC or the best Mac antivirus software on your Apple computer.
There’s a lot that hackers and scammers can do with sensitive medical information and personal data, so I doubt this is the last time we will see an attack like this. For this reason, you want to make sure that you’re extra careful when dealing with any emails or text messages claiming to come from your healthcare provider.
More from Tom's Guide

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.