Alert: Sophisticated Medicare and DEA Impersonation Scams Targeting Medical Practices
In early 2026, federal authorities including the Centers for Medicare & Medicaid Services (CMS) and the Drug Enforcement Administration (DEA) issued urgent warnings to the medical community. While patients have long been targets of fraud, there is a significant rise in "provider-side" scams where criminals pose as government officials to defraud medical practices.
The Anatomy of the New "Provider Scam"
Unlike generic robocalls, today’s fraudsters often use data leaked from major health-sector breaches to sound highly convincing. They may already know your NPI number, office address, or even details about recent claims.
1. The "Medicare Audit" Fax or Call
Scammers send faxes or call claiming your office is under a "medical review audit" or has an "outstanding Medicare debt." They often request that you "verify" patient records or pay a fine immediately to avoid a billing freeze.
The Reality: CMS generally does not initiate audits via fax or unsolicited calls. Official audits follow a strict process through your Medicare Administrative Contractor (MAC).
2. The DEA Investigation Threat
A caller identifies themselves as a DEA agent and claims your license is being suspended due to "suspicious prescribing patterns." They may demand "bond money" or sensitive personal credentials to "stay the suspension."
The Reality: The DEA will never demand money or gift cards over the phone. Official legal actions are always handled in person or via official registered mail.
3. The 2026 "Policy Update" Trap
With the new 2026 Medicare Part D drug cap, scammers are calling offices to "verify credentials" for the new payment plans. This is a tactic to harvest NPIs and login data for phantom billing schemes.
Red Flags Your Staff Should Watch For:
Requests for Full Credentials: Asking for your full SSN, bank details, or NPI over the phone for "verification."
Urgency and Secrecy: Demanding that you "do not hang up" or tell anyone else about the call because it is a "federal investigation."
Non-Standard Payments: Any request for payment via wire transfer, cryptocurrency, or digital payment apps.
How to Protect Your Practice
Hang Up and Call Back: If you receive a call from "Medicare," hang up and call your MAC directly using the number on the official CMS website.
Verify Faxes: If you receive a faxed request for records, contact your Medical Review Contractor to confirm the audit is legitimate before sending any data.
Report Everything: Report any impersonation attempts to the HHS-OIG Hotline (1-800-HHS-TIPS) and the FBI's Internet Crime Complaint Center (IC3).
A Note to Our Clients: Vigilance is your best defense. Government agencies already have your basic credentials and will never use high-pressure phone tactics to collect debt or medical records.