Earlier this month, the California Attorney General’s office filed charges against 21 people tied to a $267 million Medi-Cal hospice fraud ring.

The case, dubbed Operation Skip Trace, accuses the defendants of buying stolen personal information on the dark web, enrolling those identities in Medi-Cal through Covered California, and running 14 shell hospice companies that billed the state for end-of-life care that was never provided.

The patients were not dying. In many cases, they did not even live in California. They were names and Social Security numbers pulled from data breaches and turned into billing line items.

Sign up for my FREE CyberGuy Report

• Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
• For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
• Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

DOCTOR DENIES KNOWING ABOUT RAMPANT LA-AREA MEDICARE FRAUD USING HIS PROVIDER NUMBER

How hospice fraud scams actually work

Scammers pay people to put hospice companies in their names, even though they do not run them. This hides the real operators and gives the group a licensed business it can use to submit bills. Behind the scenes, others buy stolen personal information from dark web marketplaces. This includes names, dates of birth, Social Security numbers and addresses.

They then use that information to enroll people in Medi-Cal through Covered California and list them as terminally ill hospice patients. Next, the companies submit claims for visits, prescriptions and daily care tied to those names. They never provide any services. Because hospice care pays a flat daily rate, the billing continues as long as the identity stays active.

Why Los Angeles is the epicenter of hospice fraud

Operation Skip Trace is the latest in a string of hospice fraud cases that federal and state officials have been tracking for years. The typical hospice in Los Angeles County bills Medicare roughly $29,000 per patient, more than double the national average. Of the roughly 1,800 hospices operating in LA County, more than 700 have triggered multiple fraud red flags, according to state auditors.

On March 23, 2026, the U.S. House Committee on Oversight and Government Reform sent a letter to California Governor Gavin Newsom requesting documents on the state’s oversight of federally funded hospice programs. Committee members cited a “well-documented history of fraud,” including agencies enrolling beneficiaries without their knowledge and overbilling Medicare.

The Centers for Medicare & Medicaid Services estimates that Los Angeles County alone accounts for roughly $3.5 billion in hospice fraud. Newsom’s office said California has revoked more than 280 hospice licenses, maintained a moratorium on new providers and has hundreds more operators under investigation.

GOOGLE SEARCH LED TO A COSTLY SCAM CALL

What hospice fraud means for your identity and coverage

Most identity theft stories focus on credit cards, tax returns or new loans. Those usually show up on your credit report. Hospice fraud works differently. Scammers can use your information inside a Medicare or Medi-Cal billing system without triggering a credit alert or hard inquiry. That means it can go unnoticed.

Watch for warning signs like Medicare Summary Notices listing services you never received, Medi-Cal enrollment letters in your name or explanation-of-benefits statements from providers you have never visited.

If you apply for coverage later, you could face a denial because records show you are already enrolled in another state. If your data was exposed in a breach, it may already be circulating on the dark web.

How to spot hospice fraud and report identity theft

The Centers for Medicare & Medicaid Services recommends reviewing your Medicare Summary Notice each quarter through MyMedicare.gov. If you are enrolled in Medi-Cal, check your Covered California account for unexpected activity and report anything suspicious to the California Department of Health Care Services through its Stop Medi-Cal Fraud line.

Suspected Medicare fraud can be reported to 1-800-MEDICARE or directly to the HHS Office of Inspector General at oig.hhs.gov/fraud. The Senior Medicare Patrol offers free help reviewing statements and filing reports in every state. If you notice unfamiliar charges or enrollment activity, place a fraud alert with Equifax, Experian and TransUnion. Medical identity theft often overlaps with other types of fraud.

How identity theft monitoring helps catch hospice fraud

Hospice fraud schemes like Operation Skip Trace often begin long before billing ever happens. The personal data used is typically traded on dark web marketplaces after large data breaches. Services like Aura monitor these marketplaces and data broker listings for exposed personal information, including Social Security numbers, driver’s licenses, and email addresses. They also track public record changes, such as address updates that may signal fraudulent enrollment, and monitor credit files across Equifax, Experian, and TransUnion.

If suspicious activity is detected, users receive support from fraud resolution specialists who help contact agencies, prepare documentation, and dispute unauthorized accounts. Plans may also include identity theft insurance for eligible recovery costs.

No service can prevent every misuse of a stolen identity. But when fraud happens inside systems you rarely check, like Medicare or Medi-Cal, early alerts can make a critical difference.

How credit monitoring helps detect identity theft early

Credit monitoring services track activity across the major credit bureaus and alert you when something changes. That gives you a chance to act quickly by freezing your credit, disputing unfamiliar accounts or contacting the lender.

Many services monitor your credit across Equifax, Experian and TransUnion and send alerts soon after activity is reported, so you are not waiting for a daily update to spot a problem.

Some tools also let you lock your credit file with a single tap, which can help stop new applications before they are approved.

Beyond credit reports, certain services monitor other personal data that may be exposed in breaches or sold online. That can include email addresses, phone numbers, driver’s license details and even medical IDs, all of which can be used in identity theft schemes.

While no service can prevent every type of fraud, having real-time alerts and broader monitoring can help you catch suspicious activity earlier and limit the damage.

See my tips and best picks on Best Identity Theft Protection at CyberGuy.com

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Kurt’s key takeaways

This case shows how identity theft is evolving. It is no longer just about draining bank accounts or opening credit cards. Scammers are now turning people into invisible patients inside systems most of us never check. That shift makes this fraud harder to detect and slower to stop. The best defense is to know where your information can appear and to check systems you would not normally review.

If someone could use your identity for months without you knowing, would you ever catch it before the damage is done?  Let us know by writing to us at CyberGuy.com

Sign up for my FREE CyberGuy Report

• Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
• For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
• Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.  

Copyright 2026 CyberGuy.com. All rights reserved.

When you’re juggling more than just your own calendar, staying organized can be overwhelming. Fortunately, the Skylight Calendar 2 can help simplify things by syncing multiple calendars in a single spot, and now through May 7th, it’s available directly from Skylight for $259.99 ($40 off), its best price to date.

Skylight’s 15-inch smart calendar improves upon the original with a brighter screen, faster performance, and a slimmer design with swappable magnetic frames. Otherwise, though, it offers the same core experience, making it easy for the whole family to see events at a glance, whether you mount it on a wall or place it on a kitchen counter using the included adjustable stand. It automatically syncs with Google, Apple, Yahoo, Outlook, and Cozi calendars, pulling them into a single shared space that updates automatically. Each household member gets their own color, too, so it’s easy to keep track of who’s doing what.

In addition to event planning, the Calendar 2 makes it easier to arrange and assign other day-to-day tasks. You can create and manage shared chore charts, grocery lists, and to-do lists directly on the touchscreen device or through the mobile app for Android and iOS, which makes it easy for everyone in your household to stay on track and contribute. Skylight also provides detailed weather forecasts for your events, so you know what to expect before heading out.

If you subscribe to Skylight’s Calendar Plus plan, the Calendar 2 takes even more of the work off your plate. You can forward emails, upload PDFs, or snap photos of flyers and automatically turn them into calendar events. You also get meal planning tools that let you plan breakfast, lunch, dinner, and snacks for the week, as well as the ability to assign chores and reward kids for completing them. Plus, just for fun, there’s a screensaver mode that turns the display into an ad hoc digital photo frame when it’s not actively being used as a calendar.

There is a new AI model called Mythos. Anthropic built it for defensive cybersecurity research. It is so effective at finding software vulnerabilities that Anthropic decided the general public cannot have it.  

Instead, it is letting a small circle of trusted partners like Microsoft and Google experiment with it first under controlled conditions, while researchers figure out what guardrails need to exist.

That decision alone should tell you something. When the company that built a tool decides the world is not ready for it, you pay attention. And when you understand what Mythos actually did during testing, that caution starts to make complete sense.

WINDOWS PCS AT RISK AS NEW TOOL DISARMS BUILT-IN SECURITY

Sign up for my FREE CyberGuy Report

• Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
• For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com — trusted by millions who watch CyberGuy on TV daily.
• Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

How Anthropic’s Mythos AI found 2,000 vulnerabilities in seven weeks

Seven weeks. One AI model. One team. More than 2,000 previously unknown software vulnerabilities were found. If you need a moment with that, take it. John Ackerly, CEO and co-founder of Virtru, a data security company, put that figure into perspective in a way that is hard to shake.

“Mythos is absolutely a turning point for cybersecurity. Think about it. Mythos didn’t pick a lock; it found thousands of locks that were never locked in the first place (that no one even knew existed) in software that the best human security researchers had studied for decades.

The math is staggering. One AI model, and one team, in seven weeks, found more than 2,000 zero-day vulnerabilities. That is 30% of the world’s entire annual output prior to AI. When thousands of researchers get access to AI models like Mythos, a single year will surface exponentially more zero-days than the 360,000 recorded in all of software history.

Mythos and other AI models like it can now find and exploit software flaws at a speed and scale that is beyond containment. This means that the old approach of building stronger walls around systems and hoping they hold is becoming much less reliable. It also means that the manual “find a vulnerability, patch the vulnerability” process is not going to keep pace with a threat landscape bolstered by the speed and scale of AI.

The threat surface is now expanding faster than any wall can contain it. The only answer to this new dynamic is to protect the data itself, rather than prop up perimeter protection around it.

Thirty percent of the world’s annual output in seven weeks changes the game entirely.

What makes Mythos AI different from other AI security tools

Cybersecurity teams have used AI tools for years. So, what makes this different?

Ackerly explains it this way: “What makes this different is the level of autonomy and speed it enables. Mythos is being described as a system that can discover vulnerabilities and even generate working exploits much faster than traditional human-led workflows. This model could make it easy for a bad actor to identify and exploit vulnerabilities in software, even if that bad actor isn’t knowledgeable or trained.”

That last part matters most. Before a tool like this, exploiting a serious software vulnerability required real technical skill. Mythos AI lowers that barrier significantly. A person with bad intentions and no technical background could potentially use a model like this to cause serious damage. The expertise gap that once offered some natural protection is closing.

FAKE PAYPAL EMAIL LET HACKERS ACCESS COMPUTER AND BANK ACCOUNT

Why Anthropic’s Mythos AI is breaking down perimeter security

Most cybersecurity spending, the overwhelming majority of it, goes toward what experts call perimeter defense. Think firewalls, network monitoring, endpoint security and intrusion detection. The entire strategy is built on one core idea of keeping the bad actors out, and the data inside stays safe.

Ackerly describes how that model is now breaking down.

“The perimeter is the digital wall around your systems and the information you possess. For decades, cyber strategies have primarily focused on the idea that if you protected the perimeter well enough — if you built a strong enough wall — the sensitive data on the inside would stay safe,” Ackerly said. 

“The industry has poured hundreds of billions of dollars into firewalls, endpoint detection, network security, application security and other perimeter defenses. Traditional security architecture by itself cannot keep pace in this new world.

“The Mythos development from Anthropic is making a hard truth very apparent: Time is running out for companies to prepare for this new reality. Shifting focus from ‘protecting the perimeter’ to ‘protecting the data’ is critically important to mitigate data loss or compromise.”

Hundreds of billions of dollars. And now the model those dollars were built on is becoming unreliable. It forces a full rethink.

Does Anthropic’s Mythos AI give attackers the advantage?

This is the question everyone wants a straight answer to. Ackerly offers one that is more nuanced than a simple yes or no.

“I wouldn’t frame it as attackers automatically having an advantage. But, over time, it does mean that ‘bad guys’ and ‘good guys’ will have access to essentially the same tools. As a result, I do think defenders absolutely need a different strategy. If you assume the outer wall may fail, then the smarter move is to protect the data itself so it stays controlled even after a breach.”

The playing field is leveling. And that may sound fair until you remember attackers only need to succeed once, while defenders have to succeed every time.

How fast is Mythos AI changing the cybersecurity threat landscape?

Speed is what makes Mythos AI genuinely alarming. Traditional cyberattacks move through a lifecycle. Reconnaissance takes time. Finding the right vulnerability takes more time. Building an exploit takes more time on top of that.

Ackerly explains what happens when AI compresses all of that.

“AI is accelerating the threat. A model that can find and exploit vulnerabilities autonomously compresses the attack lifecycle from weeks to hours, or even minutes. Every layer of the traditional security stack now has to operate at machine speed. Manual security architectures cannot keep up.

“But AI also makes data-centric security more powerful, not less so. When every piece of sensitive data is protected at the object-level, AI agents can enforce governance at scale by checking entitlements, applying attribute-based access controls, and auditing data flows in real time. The same capabilities that make Mythos a dangerous tool in the hands of ‘bad guys’ make it a valuable tool in the hands of ‘good guys.’”

The question organizations should be asking shifts from “how do I build higher walls?” to “when the walls fail, is my data still protected?” That is the question worth sitting with.

What Mythos AI means for regular people’s personal data

Most of the Mythos coverage has focused on corporate risk. But your bank account and medical records sit in those same vulnerable systems.

“For everyday people, the first change is that breaches and scams could become more frequent, more targeted, and harder to spot. If AI makes it easier to uncover weak points in the systems we all rely on, that can translate into more pressure on the services that hold our personal data, from email and cloud storage to health, banking, and retail platforms.

Consumers shouldn’t assume a company is doing the right thing with their data. Now, they really can’t assume a company’s outer defenses are enough to protect their information.

This also highlights the importance of basic cyber hygiene like unique passwords and MFA, so that when breaches happen, the scope of impact on your own personal data is contained.”

Your bank account, your medical records, your tax documents, your private messages. All of it already lives across dozens of platforms you trust to protect it. If those platforms’ outer defenses are no longer reliable, what exactly is standing between your data and someone who wants it?

Ackerly goes further on where the exposure actually lives. “Data now travels across clouds, devices, partners, and borders. The risk isn’t just one hacked server in one building anymore. It’s all the places your data passes through or gets copied to along the way. 

Was Anthropic right to keep Mythos AI restricted?

Anthropic made a choice that is rare in the AI industry. They built something powerful and then decided not to release it widely.

On that decision, Ackerly is direct. “Anthropic’s decision to withhold Mythos from general release is unprecedented and, frankly, responsible. Time will tell what these partners are able to do with regard to safety, but releasing it to the general public would certainly have been ill-advised and dangerous.”

Unprecedented. That word deserves weight here. In an industry that races to release new tech, Anthropic stopped. That speaks volumes.

We reached out to Anthropic for a comment, but did not hear back before our deadline.

THIRD-PARTY BREACH EXPOSES CHATGPT ACCOUNT DETAILS

How to stay safe as cybersecurity shifts

The perimeter model is deteriorating, but that does not mean you are helpless. Individual behavior still matters, and it matters more now than it did before.

Ackerly’s recommendation is this: “Stop assuming the app, platform, or company perimeter can always protect your information, or that they will do the right thing with your data. People should be much more deliberate about what data they share, where they store it, and who can access it. Protection needs to travel with the data, not just sit at the edge of a network. For you, that means choosing services that give you stronger control over your information and being more cautious about oversharing sensitive data in the first place. The data owner should always have governance over said data.” So where do you start?

1) Use unique passwords for every account

A password manager makes this realistic. If one platform gets breached, unique passwords keep the damage isolated to that one account.

2) Turn on multi-factor authentication wherever it is available

Multi-factor authentication (MFA) adds a layer that survives even when a password is compromised. It is one of the highest-impact steps an individual can take.

3) Run strong antivirus software and keep devices updated

Outdated software is one of the most common entry points attackers use. Strong antivirus software catches threats your instincts might miss, and keeping apps and operating systems current closes the gaps that models like Mythos are built to find. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

4) Be selective about what you share and where

Every app that holds your data is a potential exposure point. The less you overshare, the smaller your footprint becomes.

5) Use a data removal service

Data brokers collect and sell your personal information, often without you ever knowing. Data removal services find where your data is listed and request its removal. You cannot control every place your information travels, but you can shrink the trail it leaves behind. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

6) Choose services that offer real data control

Not all platforms treat your data the same way. Look for services that let you see, manage and limit how your information is used and where it goes.

7) Monitor your accounts and credit

Catching a breach early limits the damage significantly. Set up account alerts wherever your bank or financial platform allows it. A credit freeze costs nothing and stops new accounts from being opened in your name without your knowledge.

8) Stay skeptical of phishing attempts

Ackerly warned that scams will get more targeted and harder to spot as AI lowers the barrier for bad actors. Scrutinize every link before you click it and treat unexpected emails or texts asking for login information as suspicious by default. If something feels off, it probably is.

9) Assume breaches will happen

The goal is to limit how much damage they can do. When you operate with that assumption, your decisions about data hygiene get sharper, and your exposure gets smaller.

Take my quiz: How safe is your online security?

Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com    

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Kurt’s key takeaways 

Mythos did not create the vulnerability problem. It made the scale of it visible in a way that is no longer ignorable. The foundation of modern cybersecurity, the idea that strong enough walls will keep data safe, is being tested in real time by a technology that moves faster than any human team can. That is a consumer story as much as it is a corporate one. Your data lives in systems built on that old model. 

And the moment to think differently about how it is protected is now, not after the next major breach makes the headlines. Anthropic made a responsible call by limiting access to Mythos. But the model exists. The capability is real. Other versions of it are being developed. The question for every organization and every individual becomes the same one Ackerly keeps returning to.

When the walls fail, and experts are telling us they will, what is actually protecting your data on the other side? Let us know your thoughts by writing to us at Cyberguy.com

Sign up for my FREE CyberGuy Report

• Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
• For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
• Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

Copyright 2026 CyberGuy.com. All rights reserved.