From Our Blog
Medical identity theft follows you into the doctor's office
The Justice Department recently charged 455 people in its annual National Health Care Fraud Takedown. The cases involve more than $6.5 billion in alleged false claims. More state Medicaid units took part than in any prior year. Ninety of the accused are doctors or other licensed medical professionals. The DOJ says prosecutors still must prove the charges in court.
Many schemes used other people's medical identities. Prosecutors also added aggravated identity theft charges in cases across dozens of states. In one case, the co-owner of a Virginia mental health company allegedly paid homeless people with hotel stays. Prosecutors say the company used their Medicaid numbers, then billed Medicaid for crisis services the patients never got.
For the people whose numbers got used, the case file may eventually close. Their medical records may not be so easy to fix. Once someone else's treatment shows up under your name, it can add wrong information to your chart. It can also use up insurance benefits you may need later. That is harder to undo than canceling a credit card.
Sign up for my FREE CyberGuy Report
DR OZ WARNS MEDICARE SCAMMERS ARE STEALING BILLIONS — AND YOUR PERSONAL INFORMATION COULD BE NEXT
Medical identity theft happens when someone uses your name, Social Security number (SSN), health insurance account number, or Medicare number to see a doctor, fill a prescription, buy medical equipment, or submit a claim, according to the Federal Trade Commission (FTC).
When care is billed under your name, the thief's health information can blend into yours. The FTC warns that mixed records can affect the care you're able to get and the benefits you are able to use. A blood type, a drug allergy, a diagnosis, or a prescription that belongs to a stranger can sit in the file a physician reads before treating you.
Hospitals and insurers hold the exact records that make the fraud work, and those records are stolen often. This does not mean every healthcare breach leads to fraud. However, it explains why your insurance number, Medicare number, SSN and medical records can become valuable long after a breach notice arrives.
This spring, NYC Health + Hospitals reported that an intruder had copied files that may have included health insurance information, medical information, biometric data, billing data and other personal information. The breach was later reported to affect roughly 1.8 million current and former patients and employees.
Once a name, SSN, insurance number, Medicare number or medical record reaches a criminal marketplace, it can be resold to operators who bill under someone else's identity.
Your health insurance and Medicare numbers are what these operations need, so the FTC recommends guarding them the way you would a payment card.
HOSPICE FRAUD USES STOLEN IDENTITIES FOR FAKE PATIENTS
Because a fraudulent medical claim runs through insurance and provider systems instead of a credit check, it skips the alerts most people rely on.
Here's what the FTC says you should look out for:
If a bill, EOB or Medicare notice shows care you never received, move quickly and keep everything in writing.
Call your insurer or Medicare using the number on your card, not a number from a random text, email or voicemail.
Ask for the provider name, date of service, claim number and service details.
Contact the provider in writing and request the medical or billing records tied to that claim.
Report the error to your insurer's fraud department.
File a report at IdentityTheft.gov if your medical identity was used. That gives you a recovery plan and documentation you may need if fraudulent bills or collections show up later.
Keep copies of every bill, EOB, letter, portal message, police report and case number.
Request your records from every provider, clinic, pharmacy, lab and insurer the thief may have used, then report each error in writing. Under HIPAA, a provider generally has 30 days to give you access to your records after a written request, with a possible 30-day extension.
Fixing the record itself can take longer. HHS says a covered provider or health plan usually has up to 60 days to act on a request to amend a medical record, with a possible 30-day extension in certain cases. If the provider or plan created the wrong information, it must amend inaccurate or incomplete information.
There's one catch, though: a provider may refuse to release records that now contain a stranger's information, citing that person's privacy. If that happens, ask for the provider's privacy officer or patient advocate. You can also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you do not get your records or an explanation within the required window.
TEXAS DATA BREACH HITS 3M LICENSE CUSTOMERS
A freeze blocks new accounts, but it does nothing about a claim filed with your insurance number. Because medical identity theft can move without touching your credit file, monitoring where your personal information appears is the earliest way to act on it.
An identity theft protection service can monitor the dark web, data broker sites and people-search sites for exposed SSNs, driver's license numbers, medical ID numbers and email addresses. It can also track all three credit bureaus for medical collections that may follow and flag public-record changes tied to your name.
If misuse happens, some services include fraud resolution support to help you request records, dispute fraudulent claims and work with providers, insurers and credit bureaus. Some plans also include identity theft insurance for eligible recovery costs.
No service can prevent every misuse of your medical identity. However, ongoing monitoring may flag exposed information before another person's treatment reaches your records and your insurance.
See my tips and best picks on Best Identity Theft Protection at CyberGuy.com.
Medical identity theft hits in a place most of us rarely check: our health records. A stolen credit card can usually be canceled quickly. A stolen Medicare or insurance number can create fake claims, wrong diagnoses and benefit headaches that follow you long after the fraud case ends. I would not wait for a credit alert here. Check your EOBs, Medicare Summary Notices and insurer portals for visits, prescriptions or equipment you never received. Also, treat your insurance card like a payment card. Do not give the number to anyone who calls, texts or emails out of nowhere with a free offer. The most important thing is to act fast. Call your insurer or Medicare, ask for the claim details and request your medical records in writing. Then file at IdentityTheft.gov, so you have the paperwork you need if fraudulent bills or collections show up later.
Have you ever spotted a medical bill, insurance claim or EOB for care you never received? Let us know by writing to us at CyberGuy.com.
Sign up for my FREE CyberGuy Report
Copyright 2026 CyberGuy.com. All rights reserved.
Google turns old phones into cloud servers
That old phone sitting in your drawer may have more life left in it than you think. You may look at it and see a dead battery, an outdated camera or a screen that no longer feels worth using. Google and researchers at the University of California San Diego see something else: a tiny computer that may still have useful processing power.
Their idea is called phone cluster computing. Instead of treating retired smartphones as electronic waste, researchers remove the motherboard and redeploy it as part of a low-carbon computing system.
Google says UC San Diego plans to launch a data center built from 2,000 Pixel smartphones in fall 2026. The goal is to provide low-cost cloud computing for students and researchers while reducing the need for newly manufactured server hardware.
That means the next chapter for an old phone may not be a junk drawer. It may be a server rack.
YOU COULD GET PAID FROM GOOGLE’S ANDROID DATA LAWSUIT
Sign up for my FREE CyberGuy Report
Phone cluster computing takes retired smartphones and turns their core hardware into a computing platform. The process starts by stripping each phone down to the motherboard. That board holds the processor, memory and storage. The display, battery, cameras, chassis and other phone-specific parts are removed.
That step is important because a full phone does not belong in a data center. Batteries can create safety issues. Screens and cameras waste space. The motherboard is the part that still offers computing value.
Once the board is removed, researchers load a general-purpose Linux system onto it. Android already runs on Linux at its core, but Android is built for mobile apps and personal devices. A data center needs something more flexible for cloud workloads. After that, the phone boards can be grouped into clusters. Many small boards then work together like a collection of tiny servers.
The AI boom has created a huge appetite for computing power. Data centers need more chips, more electricity and more cooling. At the same time, billions of phones fall out of use around the world.
This Google-backed project takes that conversation in a different direction by asking whether some useful computing can come from hardware we already made.
The project focuses on embodied carbon. That means the emissions created before a device ever turns on. Mining, manufacturing and shipping all add to that carbon footprint.
If a phone motherboard already exists, reusing it can avoid some of the environmental cost tied to manufacturing new hardware. Google says the motherboard accounts for about half of a phone's embodied carbon, which makes it the most valuable part to recover.
You cannot plug a pile of old phones into a rack and call it a data center. The process requires careful teardown, new software and a way to manage many boards at once. Google says the project uses containerized applications managed by Kubernetes. That helps coordinate the work across many devices.
The phones are organized into self-managing clusters of about 25 to 50 boards. Each board works as a small Linux machine. Together, they can handle tasks that would otherwise run on traditional cloud servers. That does not make one phone equal to one server. A server has many more processor cores, more memory and data center-grade hardware. A phone board has fewer resources and tighter limits. Still, some jobs do not need a giant machine. They need enough compute to run efficiently without wasting resources.
GOOGLE ENGINEER STOLE AI SECRETS FOR CHINA, SENATE HEARS IN EXPLOSIVE TESTIMONY
The technical case is stronger than you may expect. Google says the single-threaded performance of modern smartphone performance cores can match or beat the per-core performance of some modern multicore servers. In one comparison, a 2023 Pixel Fold was tested against an ASUS RS720A-E11 server using SPEC benchmarks. The Pixel Fold's performance cores beat the baseline data center server core on many of the tests. That sounds impressive, but there is an important catch.
A smartphone board has a smaller memory limit and fewer cores. It also lacks the management tools and hardware durability that servers are built around. So the project needs the right workloads.
UC San Diego is starting with educational and research computing. That makes sense because many classroom tasks can run on small cloud instances. Google says early experiments showed that a 20-phone cluster could support peak submission rates for a class of more than 75 students. The grading latency also came in below the default AWS backend used in the comparison.
UC San Diego plans to use the 2,000-phone cluster to support computer science classes and research workloads. Google says the deployment could support about 100 classes at once. It also describes the system as providing about 50 server-equivalents worth of compute at a fraction of the usual cost.
For a university, that could be a major advantage. Cloud computing costs can rise quickly, especially when many students submit assignments at the same time. If a reused phone cluster can handle some of that load, schools may save money while reducing demand for newly manufactured servers.
This also gives researchers a chance to test phone-based computing at scale. A small lab demo can look promising. A 2,000-board deployment will show much more about reliability, maintenance and day-to-day performance.
Phone cluster computing sounds promising, but it still has a lot to prove. Your smartphone was made for daily use in your hand, not nonstop work inside a data center. Data center servers are built to run for years with steady cooling, fast repairs and constant monitoring. Phone motherboards come from devices made for pockets, backpacks and kitchen counters. That alone raises some big questions.
The boards could fail faster than expected. Cooling may also become a challenge once thousands of tiny processors run side by side. Then there is the labor problem, because someone has to safely remove batteries, screens and other parts before the boards can be reused. Cost will be the deciding factor. If teardown, maintenance and replacement work get too expensive, this idea may stay in the research lab.
Phone clusters also will not replace the massive GPU systems that power advanced AI training. They make more sense for smaller cloud jobs, classroom tools and research tasks that fit within smartphone hardware limits. That still leaves plenty of useful work. After all, not every cloud task needs the newest chip.
The world's e-waste problem is growing fast. The Global E-waste Monitor projects that electronic waste could climb to 82 million tonnes by 2030, while formal collection and recycling rates are expected to fall to 20%. Old phones are a big part of that problem because many never make it to a proper recycling program. They sit in drawers, land in closets or get tossed out with valuable parts still inside. Even when a phone no longer feels useful to you, its processor, memory and storage may still have work left to do.
CyberGuy has covered related second-life ideas before, including old smartphones being turned into tiny data centers and repurposed EV batteries helping power AI data centers. The common theme is hard to ignore. Some of the hardware already in circulation may still have useful work left to do.
FIVE DATA BROKER OPT-OUT MYTHS THAT LEAVE RETIREES EXPOSED
This research does not mean you should toss your old phone into a random donation bin tomorrow. Before you recycle, donate, trade in or sell an old phone, you need to protect your data. Back up anything you want to keep. Then sign out of your accounts and securely wipe the device.
CyberGuy has a helpful guide on how to securely get rid of your old cell phone. Privacy comes first whenever you part with a device.
You can also consider trade-in programs, certified refurbishers or reputable electronics recycling programs. If the phone still works, buying refurbished can also keep devices in use longer. CyberGuy has covered what to know before buying refurbished electronics, which is helpful if you want to save money without taking a gamble. The key is to avoid letting old devices sit forgotten forever. A phone in a drawer helps no one.
That old phone in your drawer may not be as useless as it looks. Even if the battery is tired or the camera feels outdated, the processor inside may still have real value.
Now, you probably will not be mailing your old phone to a Google data center anytime soon. Still, this project points to a bigger shift in how we think about retired tech. Instead of sending every old device straight to recycling or letting it collect dust, companies, schools and researchers may find smarter ways to reuse the parts that still work.
There is also a money lesson here. If your current phone still runs well, you may not need to rush into an upgrade just because a newer model comes out. A battery replacement, trade-in or refurbished option could save you money while keeping perfectly good hardware in use longer. To me, that is the real takeaway. The phone you forgot about could possibly still have a job to do.
Your phone holds your email, passwords, photos, banking apps and personal data. In this free CyberGuy Live replay, Kurt the CyberGuy walks you step by step through simple phone security fixes you can do at your own pace. You’ll learn how to improve your privacy settings, spot the latest phone scams, use trusted security tools and walk away with a simple checklist to stay protected. Watch the replay and get our checklist here: CyberGuyLive.com.
Google and UC San Diego are testing how to turn retired Pixel phone motherboards into a low-carbon cloud computing platform. The project could give old smartphones a second life while reducing the need for newly manufactured servers. That is important as AI data centers keep demanding more computing power and more electricity. The first major test is expected in fall 2026 with a 2,000-phone data center at UC San Diego. If it works, the cluster could support students and researchers at a lower cost than traditional cloud infrastructure. However, this idea still has to prove it can handle the grind of daily use. Reliability, cooling, teardown labor and maintenance will determine whether phone cluster computing can grow beyond just research. To me, the most relatable part is sitting in your junk drawer. That old phone may seem useless, but its processor could still be powerful enough to help run cloud jobs. Maybe the future of computing starts with hardware we already forgot we owned.
Would you feel good knowing your old phone could help power cloud computing? Let us know by writing to us at CyberGuy.com.
Sign up for my FREE CyberGuy Report
Copyright 2026 CyberGuy.com. All rights reserved.
Apple AI security update proves hackers move fast
A security update rarely feels dramatic. You see the alert, promise yourself you will install it later and then go right back to whatever you were doing. This time, Apple is giving you a stronger reason to pay attention.
Apple released iOS 26.5.2, iPadOS 26.5.2 and macOS Tahoe 26.5.2 on June 29, 2026. The updates include security fixes for vulnerabilities tied to the kernel, WebKit and WebRTC. Apple says these fixes were first made available through the iOS 26.6, iPadOS 26.6 and macOS Tahoe 26.6 betas before being pushed out early to everyone.
That is the part that should make you pause. Apple usually rolls many security fixes into larger software updates. This time, the company moved faster.
AI IS NOW POWERING CYBERATTACKS, MICROSOFT WARNS
Sign up for my FREE CyberGuy Report
Apple reportedly accelerated the updates because artificial intelligence can help speed the creation of malicious hacking tools. Once a fix appears in a beta, attackers may be able to study it, reverse-engineer the weakness and move faster than before.
Apple said there was no evidence that the newly patched vulnerabilities had been exploited. Still, the company wanted to shrink the time between when fixes were first visible and when they reached your devices.
That is a major shift. It suggests Apple sees AI as a force that changes the timing of security. A flaw that once gave defenders more breathing room may now become a race.
Apple's iOS 26.5.2 and iPadOS 26.5.2 notes list fixes for iPhone 11 and later, along with several supported iPad models. The security content includes kernel vulnerabilities that could let an app crash the system, corrupt kernel memory or leak sensitive kernel state.
The update also fixes multiple WebKit issues. WebKit powers Safari and web content inside many apps. Some of these flaws involved malicious web content that could lead to crashes, memory corruption, data leaks or sandbox escapes.
Apple also fixed WebRTC issues that could be triggered by malicious web content and lead to Safari or process crashes.
For Mac, Apple lists macOS Tahoe 26.5.2 as the current release. If your Mac runs macOS Sonoma or macOS Sequoia, Apple also lists Safari 26.5.2 as a June 29, 2026, security release.
AI can help legitimate researchers find bugs faster. That is good when the work leads to stronger software and responsible disclosure. However, the same general capability can also help bad actors move faster. A criminal does not need to understand every line of code if an AI tool can help summarize a patch, compare software changes or suggest where a weakness may be hiding.
That is why Apple's move is important. It shows that big tech companies may need to release security fixes sooner and more often, even when those updates do not include flashy new features. The wider AI world adds pressure here. Frontier AI companies have released or tested systems with stronger coding and cybersecurity capabilities. Some models are available only through limited previews, approved access or extra safeguards because of their potential cyber use.
Similar efforts are also emerging outside the United States. Several international AI labs and security companies now promote models designed to find vulnerabilities, analyze code and assist cyber defense. The takeaway for you isn’t that AI is automatically bad. The real point is speed. Security teams, attackers and AI tools are now moving on a shorter clock.
Before you update, plug in your device and connect to Wi-Fi. You may also want to back up your iPhone or iPad first.
Then do this: Open Settings > General > Software Update > Download and Install.
After the update finishes, go back to Settings > General > Software Update > Automatic Updates. Make sure automatic updates are turned on. Apple also lets your device automatically install system file updates that improve security without changing the full software version. If you do not see the update right away, check again later. Apple releases updates in stages, and your device also needs enough battery and storage.
On a Mac, start with a backup. Then click the Apple menu > System Settings > General > Software Update . Choose Update Now if macOS Tahoe 26.5.2 appears.
Next, check your background update settings. On macOS Tahoe 26 or later, go to Apple menu > System Settings > General > Software Update . Click the More Info button next to Automatic Updates and make sure Install system data files and security updates is turned on.
If your Mac runs Sonoma or Sequoia, look for Safari 26.5.2 in Software Update as well. That Safari update may be the protection your Mac needs if you are not on Tahoe.
BEWARE OF HACKERS SHOWING UP PRETENDING TO BE IT
You may see more security updates that feel sudden or small. That can be annoying, especially when you are busy or your device needs to restart.
Still, these updates are becoming more important. Apple is reacting to a world where AI can help shorten the time between a public fix and a possible attack.
So, when your iPhone, iPad or Mac asks you to update, do not treat it like background noise. The update may be closing a door someone else is already trying to find.
Installing the Apple AI security update is the best first move. After that, tighten a few habits that make attacks harder.
Your operating system is only part of the security picture. Outdated apps can still create risk, especially if they handle messages, web links, photos, files or account logins. Open the App Store and install available updates regularly.
Be careful with links in texts, emails and social media messages. WebKit and browser flaws are a reminder that malicious web content can be part of an attack. When in doubt, open the official app or website yourself instead of tapping a link.
Use strong, unique passwords for every account and store them in a password manager. Then turn on two-factor authentication (2FA) wherever possible. If one password gets exposed, you do not want it opening the door to your email, bank or Apple account.
Use strong antivirus protection on your Mac and other connected devices. It can help catch malicious files, phishing attempts and suspicious activity before they do damage. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com.
Back up your iPhone, iPad and Mac before problems hit. A recent backup can help you recover faster if an update fails, your device gets stolen or malware locks you out of important files. CyberGuy's guide to backing up your devices walks you through ways to protect your files using cloud storage, an external drive or both.
Use a personal data removal service to reduce how much of your personal information is floating around online. Data brokers and people-search sites can expose your name, address, phone number and relatives. Scammers can use those details to make phishing messages feel more believable. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com.
Apple's early security release shows how fast the cyber threat landscape is changing. The company says there is no evidence these newly patched flaws were exploited, but it still moved the fixes out before the wider 26.6 release. That tells me the old habit of waiting weeks to update is getting riskier. AI can help defenders, but it can also help criminals study weaknesses faster. My advice is direct: update your Apple devices now, turn on automatic security updates and stop putting off patches that protect the phone and computer you use every day.
Do you think AI will make your devices safer because companies can find flaws faster, or more vulnerable because hackers can move faster too? Let us know by writing to us at CyberGuy.com.
Sign up for my FREE CyberGuy Report
Copyright 2026 CyberGuy.com. All rights reserved.