Fake hospital / medical debt collection payment phishing — non-healthcare sender impersonates a medical billing department or debt collection agency claiming an overdue hospital, doctor, or patient balance that will be sent to collections and damage the victim's credit score unless paid immediately via a fraudulent portal

Fraudulent emails impersonating medical billing departments or debt collection agencies, claiming the recipient has an unpaid medical, hospital, or doctor's bill that will be referred to a collection agency — damaging their credit score — unless paid immediately via a linked portal. Medical debt is a uniquely anxiety-inducing subject: 43 million Americans carry medical debt, many have unclear post-insurance balances, and the threat of credit damage is highly plausible. Key facts: (1) CFPB 2024: medical debt is the #1 category of contested collections in the US — scammers exploit this widespread anxiety; (2) Real hospital billing systems (Epic MyChart, Cerner, Waystar, Athenahealth) send patient statements through authenticated platforms with List-Unsubscribe headers and secure patient portal links — they do not send cold "final notice" emails with external payment links; (3) Legitimate medical debt collectors are regulated by the FDCPA and must provide a written validation notice before demanding payment — they cannot legally threaten credit damage on first contact without prior written notice; (4) These phishing sites often request credit card details and sometimes billing address + DOB for "identity verification," enabling card fraud. Warning signs: "final notice" or "last chance" framing in a cold email, "sent to collections" threat, request to pay via external link not on the hospital's official domain, no prior statement or paper bill received.