We continue to see phishing and impersonation scams targeting UAB physicians. Recent activity includes scammers posing as representatives from the DEA, CMS, and other regulatory entities, attempting to obtain personal information, NPIs, signatures, or patient data.
Scammers may spoof phone numbers, email addresses, and even fax forms to appear legitimate. CMS has confirmed a national fraud scheme where scammers send fake fax requests impersonating CMS to obtain provider information, and emphasized that CMS does not initiate audits or documentation requests by fax.
Agencies such as the DEA, state medical boards, and CMS will not request personal information, NPIs, signatures, or PHI by unsolicited phone call, email, or fax. They also do not threaten loss of licensure or demand immediate action. These are hallmark red flags of phishing attempts.
If you receive any suspicious communication:
- Do not respond or provide information
- Do not call the number provided
- Verify legitimacy through the agency’s official published contact channels, not those listed in the message