The Centers for Medicare & Medicaid Services (CMS) published an alert on fraud schemes that are increasingly targeting Medicare providers that involve bad actors impersonating CMS and sending phishing fax requests for medical records and documentation, falsely claiming to be part of a Medicare audit.
Phishing is an example of social engineering that attempts to trick you or someone else in your workplace into giving out sensitive information. Email phishing attacks are still a common occurrence, but we are hearing about more fraudulent fax requests being sent out to medical practices by bad actors.
CMS emphasized that it does not initiate audits by requesting medical records via fax. We urge physicians and practices to take steps to protect their data. If physicians receive a suspicious request, do not respond. CMS encourages you to work with your Medical Review Contractor if you receive a questionable or suspected fraudulent request to confirm if it is real.
