For members

Cybersecurity and fraud prevention

Cybercriminals target health insurance accounts to steal Personally Identifiable Information (PII) and Protected Health Information (PHI), such as Social Security numbers (SSN), medical records, and financial details related to your account. Safeguarding this data is essential in helping to prevent identity theft, fraud, and unauthorized access to your sensitive health information.

Here are some best practices to help you keep data secure online:

  • Only share sensitive information with trusted sources. Never provide your Social Security number, insurance details, or medical records unless you know the recipient’s identity. Verify you are communicating with legitimate health care providers, insurance representatives, or via secure online portals before sharing any personal data.
  • Use secure websites. Look for “https://” in the URL. When entering personal or health information online, be sure the website uses HTTPS, which encrypts your data during transmission. Avoid entering sensitive data on websites not displaying the lock icon in the browser address bar, as shown below:
    browser window showing ibx site is secure
  • Be wary of emails or calls requesting personal information. Cybercriminals often pose as insurance companies, health care providers, banks, credit card companies, and government agencies (especially the IRS). They do this to trick individuals into sharing personal information. If you receive an unsolicited email, phone call, or text message asking for PII or PHI, do not respond or click on any links. You should contact IBX directly at 1-800-ASK-BLUE (or 1-800-275-2583) or visit us online at ibx.com.
  • Enable multi-factor authentication (MFA) on your accounts. Many health care, banking, and shopping portals use MFA, which adds an extra layer of security above a solo password — it can help prevent unauthorized access even if your password becomes compromised.
  • Review your insurance statements and medical records regularly. Check your Explanation of Benefits (EOB) statements and medical bills for suspicious charges or services you don’t recognize. If you see anything unusual, report it immediately.
  • Use strong, unique passwords for each account. Create passwords that are at least 12 characters long and include a mix of upper and lowercase letters, numbers, and special characters (e.g., &, $, or !). Avoid reusing passwords across multiple accounts to reduce the risk of credential theft.

Cybersecurity frequently asked questions (FAQ)

Phishing scams are among the most common cyberattacks, where threat actors pose as legitimate organizations to trick you into revealing PII or PHI. These scams can come as emails (phishing), text messages (smishing), or phone calls (vishing), pretending to be from a health insurance provider like IBX, a bank/financial institution, or government agency (USPS, IRS).

Here are some red flags to watch out for:

  • Emails or texts with urgent requests for your personal or login information. Attackers can create a sense of urgency, claiming your account is locked, your policy is expiring, or you need to verify your information immediately. Legitimate companies will never pressure you into providing sensitive information through email or text messaging.
  • Messages containing misspellings, unfamiliar sender addresses, or suspicious links. Phishing emails may contain spelling errors, awkward phrasing, or incorrect company branding. Always check a sender’s email address carefully — a threat actor may use addresses that look like official ones, but with slight variations (e.g., amerlhealth.com instead of amerihealth.com). Hover your cursor over the link to reveal the web address that it really goes to — if it looks suspicious or doesn’t match an official website, DO NOT CLICK ON IT.
  • Phone calls from unknown numbers claiming to be your insurance provider. Scammers may call pretending to be customer service representatives, asking for your Social Security number, insurance card ID, or other payment details. Some threat actors can even spoof Caller ID to make it look like the call is legitimate. If you receive an unsolicited call, hang up and contact IBX directly at 1-800-ASK-BLUE (or 1-800-275-2583) or visit us online at ibx.com.

Here are some clear indicators that an email, call, or text is NOT from IBX. We will never:

  • Ask for your password or sensitive information via email or text
  • Request payment through gift cards, wire transfers, or cryptocurrency
  • Threaten to cancel your coverage if you don’t provide personal details immediately

If you receive a suspicious message or suspect health care fraud, report it using our online Fraud & Abuse Tip Referral Form. Learn more at IBX Anti-fraud.

  • Do not click on any links or download attachments from unsolicited emails/text messages.
  • Do not provide personal, financial, or health information over the phone, unless you initiated the call and have verified the recipient.
  • Verify the legitimacy of any message by calling IBX Customer Service directly at 1-800-ASK-BLUE (or 1-800-275-2583) or visit us online at ibx.com.

  • Change your password and enable multi-factor authentication (MFA) immediately.
  • Check your account for any unauthorized activity.
  • Contact our confidential Fraud Hotline at 1-866-282-2707, 24 hours a day, 7 days a week, or complete and submit our online Fraud & Abuse Tip Referral Form to report the issue.