Warning for NY Healthcare Providers: Don’t Fall for These Regulatory Scams

By /

What’s Going On?

  • The alert is aimed at healthcare professionals licensed in New York State.

  • It warns that people are impersonating officials from either the New  York  State Department of Health (DOH)/or the New York State Education Department (NYSED).

  • These impersonators contact licensed providers (physicians, nurses, etc.), and they rely on creating urgency and sometimes fear of regulatory action to make you act quickly.

How the Scams Work

Here are the typical steps these scams follow:

  1. The scammer contacts you, claiming to be from DOH or NYSED (or “working for” the regulator) and says there is some issue with your license, misconduct, investigation, fine, etc.

  2. They push you to act now — either provide personal or security credentials (passwords, account info) or make a payment/fine to resolve the matter. The sense of urgency is key: the faster they can get you to act, the less likely you’ll stop and verify.

  3. Because many people know regulators could take action if something’s wrong, the impersonator has credibility simply by reference to those agencies.

  4. If you comply, you might give up sensitive info, allow access to your accounts, or send money to a fraudster.

What the Real Regulators Would Not Do

The alert emphasizes what genuine regulators like the office of professional discipline/medical conduct won’t ask for — so you know red flags. According to the alert:

  • The Office of Professional Medical Conduct (OPMC, part of DOH) and the Office of Professional Discipline (OPD, part of NYSED) will never ask for your passwords or other security credentials by phone/email.

  • They won’t demand an immediate monetary “fine” or payment without first negotiating and agreeing to a written settlement document, signed and formal.

  • So if someone says, “We’re from OPMC / OPD, give us your login and pay now or your license is gone,” — that’s almost certainly a scam.

How Can You Protect Yourself?

Here are some concrete steps for staying safe:

  • Pause and verify: If you get a call/email from someone claiming to be a regulator, take a moment. Real regulators will give you time and will follow formal procedures.

  • Don’t give credentials or passwords: Period. If they ask for your login, password, or request remote access to your computer, that’s a major red flag.

  • Don’t send payment or “settle” immediately: If someone says you must pay now to avoid action, that’s not how OPMC/OPD operate (they’d negotiate and sign a paper).

  • Contact your attorney: If you’re unsure whether the communication is legitimate, speak with legal counsel experienced in licensing/regulatory matters. The alert recommends this.

  • Check the authenticity of the agency: Use official contact info for DOH/NYSED (not info provided by the caller) to verify.

  • Keep records of communications: Emails, letters, calls — document what’s going on in case you need support or defence later.

  • Educate your team: If you run a practice or clinic with staff, make sure everyone knows these scams exist so they don’t inadvertently respond.

  • Be cautious with urgent language: Scammers rely on fear or urgency to rush you. If someone says “act now or your license is revoked”, take a step back.

Why This Matters to You

  • Whenever there’s an interaction that appears to be from OPMC or OPD, it carries risk: your license might be on the line, there’s reputational harm, and if it’s a scam, you could lose money or compromise your info.

  • Even if the claim of investigation is real, it’s still a significant event (and warrants professional/legal support). It’s better to treat any unexpected regulatory outreach seriously.

  • Being proactive means you’re less likely to be caught off guard and more likely to respond appropriately (rather than reactively).

Frequently Asked Questions

Protecting New York Healthcare Professionals From Regulatory Scams

How do these scams usually start?

Most scams begin with an unexpected phone call, email, or text from someone claiming to represent the Department of Health (DOH), the Office of Professional Medical Conduct (OPMC), or the Office of Professional Discipline (OPD). They may say you’re under investigation or facing disciplinary action and push you to respond immediately.

What are the biggest warning signs of a scam?

Look out for:

  • Requests for passwords or login credentials

  • Demands for immediate payment or fines

  • Threats of license suspension or disciplinary action unless you act on the spot

  • Poor grammar, generic greetings, or unusual contact methods

  • Pressure to keep the conversation secret

Regulators do not communicate this way.

Would OPMC or OPD ever ask for account passwords or security info?

No. Legitimate regulatory agencies never ask for passwords, financial logins, multi-factor authentication codes, or remote device access.

Can OPMC or OPD force me to pay a fine right away?

No. Regulatory fines or settlements are handled through formal written agreements, reviewed and signed by both sides. There is no such thing as a “pay right now or you lose your license” scenario.

Could an investigation begin without any written notice?

Rarely. Real investigations include:

  • Formal letters

  • Proper documentation

  • Paper trails

  • Direct contact information you can verify independently

If you haven’t received paperwork, be cautious.

What should I do if I think I’m being targeted?

  • Do not share personal info

  • Do not send payments

  • Politely end the call

  • Save the message or email

  • Contact legal counsel experienced in OPMC/OPD matters

  • Verify directly using official agency phone numbers

Should I call back the number that contacted me?

No. Scammers often spoof caller IDs.
Always verify through known official websites or state directories.

Are healthcare professionals commonly targeted?

Yes. Because they hold licensure, scammers know fear of professional repercussions can pressure quick decisions.

Can scammers access my licensing information?

Some licensing details are public. Scammers may use real information (like a license number or a specialty) to sound legitimate. That’s why tone, urgency, and requests are more important than the data they cite.

Is it possible that a real investigation could be underway?

Yes — which is why it’s important to:

  • Stay calm

  • Speak to qualified counsel

  • Confirm authenticity through official channels

Even if it’s real, you should not respond without guidance.

What if I already shared information?

Act quickly:

  • Contact your bank and credit-card companies

  • Change passwords immediately

  • Enable multi-factor authentication

  • Alert your IT team or practice manager

  • Notify legal counsel

A fast response can limit damage.

Should I tell my staff about this?

Absolutely. Receptionists, billing admins, and assistants sometimes answer first.
A quick briefing can prevent major risks.

Can these scams affect my patients?

Potentially. Compromised systems or credentials might expose patient data, which could trigger HIPAA concerns. That’s why prevention matters.

Banner listing Jordan Fensterman

Attorney Advertising – Prior results do not guarantee a similar outcome.

Leave a Comment

Your email address will not be published. Required fields are marked *

Attorney Advertising – Prior results do not guarantee a similar outcome.
Scroll to Top