In a troubling development, the Federal Bureau of Investigation (FBI) has issued a warning about a sophisticated cyber scam targeting health data in the United States. Cybercriminals are posing as fraud investigators from health insurance companies or government health departments to deceive people into revealing sensitive information.
These scammers contact individuals via email, text message, or phone calls, claiming to be investigating fake overpayments, identity misuse, or billing errors. In reality, they aim to steal medical records, Aadhaar details, insurance numbers, and financial data.
“This scam works because it preys on people’s trust in health systems and fear of financial fraud,” said an FBI spokesperson.
Who’s Being Targeted and How?
The scam primarily focuses on two groups:
-
Patients and healthcare consumers who are tricked into sharing personal and medical details under the pretext of investigating health insurance fraud or issuing refunds.
-
Healthcare professionals and clinic staff who receive spoofed official-looking emails or calls asking for sensitive patient data.
Criminals often use forged phone numbers and fake email addresses to appear credible. Some messages even mention real insurance company names or quote partial personal details like a mobile number or Aadhaar-linked information to gain trust.
In several reported cases, fraudsters asked victims to verify sensitive data or click on malicious links, leading to identity theft and health insurance fraud.
FBI’s Advice and Additional Tips for Indians
While the FBI has issued guidelines for Americans, cybersecurity experts warn that Indians are equally vulnerable to similar scams, given the rising use of digital health IDs, e-insurance policies, and mobile health apps.
Here’s how to stay safe:
For Everyone
- Be skeptical of any unsolicited message about medical refunds, investigations, or data verification.
- Avoid clicking on links or sharing personal information via email, SMS, or WhatsApp until the source is verified.
-
Call your health insurance company or hospital directly using official customer service numbers—not the contact given in suspicious messages.
For Indian Users Specifically
-
Never share your Aadhaar number, ABHA (Ayushman Bharat Health Account) ID, or e-insurance policy details over phone calls or text messages.
-
Check your insurance claim status directly through official insurance apps or websites.
-
Report any suspicious calls, emails, or messages to the Cyber Crime Portal of India (cybercrime.gov.in) or dial 1930, the national cyber fraud helpline.
-
Keep your Digi Locker and health app accounts protected with strong passwords and two-factor authentication.
-
Regularly update your phone’s antivirus and security apps.
Why This Scam Matters More Than Ever
Health records are among the most valuable data for cybercriminals globally, and India is no exception. Experts point out that a stolen medical identity can be misused for financial fraud, insurance claims, or even illegal organ trade operations.
The growing complexity of health insurance schemes, digital health cards, and telehealth consultations in India creates opportunities for scammers to manipulate the system.
“Most people wouldn’t hesitate to respond to a message about an insurance claim or Aadhaar verification — and that’s exactly what criminals exploit,” said a Mumbai-based cybersecurity analyst.
**If you receive a suspicious message about your medical records or insurance, whether in the US or India — don’t panic, don’t share, and always verify through official sources**.