DECEMBER 12, 2024 – In early November the Defense Health Agency sent out a cautionary note about a fake website masquerading as DoD’s electronic health record MHS GENESIS.
The cyber alert was shared by military treatment facilities like Naval Hospital Bremerton which stated, “If you find any website that reference the MHS GENESIS Patient Portal or other information about MHS GENESIS that are not part of the .mil domain, those are not official government websites or affiliated with the Department of Defense or Military Health System.”
The bogus website directed users with an Android or iPhone to a mobile app, a software program designed for a portable devise like a phone, tablet or watch. MHS GENESIS does not use any such app.
“Any web address ending in anything other than .mil will not take you to the MHS GENESIS Patient Portal and may not be secure.”
The DHA forewarns that any patient who unwittingly attempts to use the fake site is at risk of having personal information obtained by an unknown source not associated with the Military Health System. The DHA Cyber Operations Center actively blocked the fake portal site using a .info web address.
It’s an ongoing cyber awareness effort.
Just several months earlier, TRICARE for Life patients began getting faux texts in July warning them their health benefits were expiring due to non-payment and as soon as possible need to call a specific toll-free number, presumably with credit card information ready to share.
Yet another phishing/smishing attempted con job, with the current holiday season a time when deception and swindle are on the upswing.
According to Jose J. Garcia Perez, NMRTC Bremerton command security manager and personnel security specialist, the holiday season is when there’s a surge of impersonation scams of major online retail outlets.
In impersonation scams, a scammer reaches out to you pretending to be someone you trust to get sensitive information like social security numbers, bank information, or account details. Scammers change tactics quickly making them hard to detect,” explained Garcia Perez, noting that scammers will send emails posing as a reputable online retail outlet and include pdf attachments.
“The email will state that your account will be suspended or on hold. These attachments prompt you to click on a fraudulent link to “update your account.” These links lure you to provide personal information such as payment information or account login credentials. Please do not click on any links or provide your information without authenticating the email or verifying the link,” stressed Garcia Perez.
There are also membership scams. Unexpected calls or texts or emails inform someone that there’s a costly fee or some issue with their enrollment which can only be resolved by providing personal details. Or cash. Or both.
“These scammers try to convince you to provide payment or bank account information in order to reinstate a membership. A reputable online retail outlet will never ask you to provide payment information for products or services over the phone,” Garcia Perez said.
Garcia-Perez cited the following important advice to identify scams and keep your account and information safe:
- Trust retail-owned channels. Always go through the official mobile app or website when seeking customer service, tech support, or when looking to make changes to your account.
- Be wary of false urgency. Scammers may try to create a sense of urgency to persuade you to do what they’re asking. Be wary any time someone tries to convince you that you must act now.
- Never pay over the phone. Online retail outlets don’t ask you to provide payment information, including gift cards (or “verification cards,” as some scammers call them) for products or services over the phone.
- Verify links and email senders first. Review the link for misspellings, repeated characters, or added or substituted characters.
For any TRICARE patients who receive a suspicious text about their coverage, the Defense Health Agency requests assistance in submitting a report at http://www.health.mil/Fraud
For TRICARE West Region [Health Net Federal Services] 844- 886-2206, Program.Integrity@hnfs.com or https://www.tricare-west.com/content/hnfs/home/tw/bene/claims/fraud_report_form.html
For more information on holiday scams, especially shopping online: https://www.fbi.gov/how-we-can-help-you/scams-and-safety/common-frauds-and-scams/holiday-scams
For reporting cyber-enabled crime at the Internet Crime Complaint Center: https://www.ic3.gov/
If anyone thinks their personal information has been compromised, be sure and contact your financial institution and the Federal Trade Commission (FTC) at: https://www.usa.gov/federal-agencies/federal-trade-commission or toll free 1-877-FTC-HELP (1-877-382-4357) use their online complaint assistant to report various types of fraud: https://www.usa.gov/telemarketer-scam-call-complaints
“Sailors, retirees and dependents may utilize the Region Legal Service Office Northwest Legal Assistance Department for advice on any consumer/financial affairs,” advised Lt. Alexia Cain, Navy Medicine Ready Training Command Bremerton command judge advocate. “Keep a good record of all payments and charges and do not ever sign something you have not read! Email rlsonw_la_bang@navy.mil for both NBK RLSO locations.”
Garcia Perez also recommended such additional steps to help protect your credit and identity:
- Visit IdentityTheft.gov to learn how to set up protections.
- Obtaining a free yearly Credit Report from each of the three Credit Bureaus: https://www.annualcreditreport.com/index.action
- Protecting children and minors from identity theft: https://www.consumer.ftc.gov/articles/0040-child-identity-theft
- Fraud Alerts setup on personal accounts: https://fraud.transunion.com/fa/fraudAlert
Story by Douglas Stutz
Naval Hospital Bremerton/Navy Medicine Readiness and Training Command Bremerton