Report: Scam Messages Pose Risks to Patient Safety

By Jay Kumar

A new study finds that 87% of healthcare workers say scam messages create real risks to patient safety.

Conducted by Tebra, the study surveyed 1,000 patients and healthcare professionals—including physicians, nurses, and front office staff—to understand the impact of medical phishing scams.

Getting targeted by cybercriminals is nothing new, but it’s happening more frequently, according to respondents. Nearly nine in 10 healthcare workers believe healthcare scams pose a patient safety risk beyond financial harm, the study found.

“Healthcare scams are a patient safety issue. Today, many patients can’t reliably tell whether a reminder, lab result, or portal message is real,” says Kevin Marasco, Chief Growth Officer, Tebra. “Patients hesitate, and hesitation turns into missed appointments and delayed follow-ups. In practice, patients ignoring medical communications can translate into unmanaged chronic disease or medication delays.”

The scams create operational strain for practices, resulting in patient confusion, increased call volume, and added administrative work for front desk and clinical teams. Staff said patients report scam messages after they have already engaged with them (26%), before engaging (16%), or both (22%). Scams have led to patients missing appointments (23%) and delaying care (20%).

About one in five healthcare workers said patients frequently report suspicious messages claiming to be from their practice, while 27% said they spend 5% to 10% of their time addressing confusion caused by scams.

The scam-related issues that take up the most time include:

  • Billing disputes (50%)
  • Patient phone calls seeking clarification (47%)
  • Appointment confusion or no-shows (30%)
  • Reporting or documentation related to scams (22%)
  • Prescription refill confusion (20%)
  • Emotional reassurance or de-escalation with patients (19%)

Patient response

The study found that 51% of respondents said if they received a healthcare-related text message, they would first search online to determine whether the message was legitimate. But more than one in 10 said they would take higher-risk actions, such as clicking the link, replying to the message, or attempting to re-enroll or check coverage.

“Scams hijack the signals that patients trust, such as familiar branding, clinical language, and urgency,” Marasco says. “Older adults, especially, may be more cautious and less comfortable when verifying messages. Indeed, the more vulnerable the patient, the higher the stakes of one ignored message.”

In the past month, more than one in four respondents received an average of three questionable messages. On average, Americans reported receiving five suspicious healthcare-related messages in a single month, with more than one in 10 receiving 10 or more in a single month.

“It’s important to design communication so it’s easy to authenticate,” says Marasco. “Medical practices should use a small set of official channels and verification paths that don’t require clicking links.”

Respondents listed the following characteristics that make healthcare scam messages seem legitimate:

  • Insurance-related language (31%)
  • Familiar provider, hospital, or practice name (21%)
  • Professional tone or branding (20%)
  • Use of medical terminology (16%)
  • Timing shortly after a real appointment or test (11%)
  • Fear of delayed care (8%)
  • Urgency around prescriptions (6%)

The emotional impact of scam messages includes:

  • Increased anxiety or stress (34%)
  • Loss of trust in healthcare communications (32%)
  • Fear of missing important medical information (24%)
  • Confusion about which messages are legitimate (22%)