In this article:
In this article:
Scammers are after your healthcare data. Learn how to prevent medical identity theft and what to do if your personal health information has been leaked.
In this article:
In this article:
Identity theft is one of the fastest-growing crimes in America. But scammers aren’t just after your credit card numbers and passwords — they also want your medical insurance information.
Medical identity theft occurs when scammers gain access to your health insurance data and use it to obtain medical procedures, submit fraudulent insurance claims, or request prescription drugs illegally.
Your personal health information (PHI) is more valuable on the black market than credit card numbers and Social Security numbers (SSNs) — fetching anywhere from $10 to $1,000 [*].
That’s what happened to one California man, whose stolen identity was used to obtain tens of thousands of dollars in medical treatments at hospitals across the United States. The victim spent years fighting hospital billing departments over the fraudulent charges [*].
In this guide, we’ll explain how you can help prevent medical identity theft and what to do if you think someone has accessed or compromised your PHI.
{{show-toc}}
More than 50 million Americans have been impacted by healthcare data breaches in the first half of 2023 alone [* *]. Follow these tips to help protect your health data and prevent medical identity theft:
Medical identity theft is often considered a silent crime. You might not realize that your medical identity has been stolen until you start receiving unfamiliar medical bills or improper medical care.
To keep your health care information safe, it’s important to spot the early warning signs of medical identity theft and address it before an identity thief causes too much damage.
Here are some of the most common warning signs of medical identity theft:
The bottom line: Any unfamiliar medical bills, debts, or treatment notices are clear warning signs that someone is using your medical identity, and you need to act quickly.
If you have health insurance, whenever you receive medical treatment your insurance company sends an Explanation of Benefits (EOB) and a separate bill to your mailing address.
The EOB contains a breakdown of the services you received, how much is covered by insurance, and how much you owe. The bill reflects the final amount that you’re required to pay.
You might look at the EOB and assume it’s another piece of junk mail, but you should always review every page of these documents closely. Verify that all services on the EOB are accurate. If you don’t recognize one of the services on your EOB or bill, contact your healthcare provider immediately.
What to look for when reviewing your EOB:
You may not use your health insurance ID card often, but you should still protect it the way you would safeguard your credit cards or driver’s license. If you lose your health insurance card or Medicare card, someone could find it and get access to your plan information — opening the door to medical identity theft.
In case of an emergency, you should always have your health insurance ID card details nearby. But instead of relying on a physical card, you might be able to access a digital ID card through your smartphone. This eliminates the need to carry a card in your wallet. Just make sure to use your phone’s security features — such as biometric logins — to protect your digital card in the event that your phone gets stolen.
What to do if your health insurance card is lost or stolen:
Leaving mail sitting in your mailbox could leave you susceptible to medical identity theft, especially if you’ve recently received health care. Sneaky thieves could sort through your mail and steal letters that look like they might contain personal information, such as a bill from your medical provider.
As a best practice, you should always collect your mail as soon as you can, particularly if you’re expecting an EOB or bill from your doctor. If you’re going to be on vacation or away from home for a few days, ask a trusted friend or neighbor to collect your mail and hold onto it until you return.
💡 Related: Someone Stole My Mail! What Should I Do? →
Data breaches and cyber attacks are among the most common ways that hackers gain access to your health insurance information. For example, in July 2023, HCA Healthcare disclosed that the health information of 11 million patients was leaked in a recent data breach [*].
While you can’t control the digital security of services that store your medical and personal information, you can take steps to secure your own online accounts against hackers.
How to secure your online accounts against hackers:
If you’re seeing a new doctor or specialist, you might need to let them know about your past medical history, surgeries, drug and alcohol use, prescriptions you’re taking, and similar information that could inform treatment. But if you’re unsure why the doctor needs certain information, always ask whether you’re required to provide it.
When you give personal health information to your doctor, it gets stored in your electronic medical record (EMR). If the office’s network gets hacked, an identity thief could gain access to your EMR and use your information to commit medical fraud. If you can omit some of your personal health details, it could keep you safer in the long run.
Questions to ask before sharing personal health details:
Another common way that scammers get your health insurance number is through phishing scams. You might get an unsolicited email, text message, or phone call from someone asking you to provide your insurance information.
If you find yourself in this situation, never reveal your information. If the request is from a legitimate person, you should be allowed to verify the information in another way (like going to the doctor’s office in person if the person contacting you is from the billing department).
How to spot the signs of a phishing scam:
One of the biggest dangers of identity theft is a damaged credit score. If scammers use your personal information to rack up medical debt, this can have a major impact on your credit score.
To protect yourself against medical ID theft, it’s a good practice to monitor your credit report for unpaid medical bills. If you notice an outstanding bill that’s unfamiliar, or if it’s from a medical facility or provider that you don’t recognize, it’s possible that you’re getting scammed.
How to monitor your credit report:
Keep a detailed log of all the medical care that you receive so you can prove your medical history in the event that your identity is stolen.
Once a year, request a copy of your most recent medical records from your health care providers. You can typically request these documents for free [*]. Some of the documents you might request include hospital discharge notes, surgeries, and major test results. You can also ask your pharmacy to provide a list of the medications that you were prescribed during the year.
💡 Related: How To Know If You’re a Victim of Medical Identity Theft →
If your medical information ends up in the wrong hands, this could have major ramifications for you. Make sure you protect (or shred) any documents that contain your medical information.
For example, if you receive an EOB or bill in the mail, shredding the document before recycling it will ensure that your plan number can’t be recovered. Also, don’t toss out prescription bottles as soon as they’re empty. Instead, use a marker to black out your name, the doctor’s name, and the prescription name before the bottle goes in the trash [*].
If you realize that your medical information has been stolen, it’s important to act quickly. Medical identity theft is identity theft, and it can lead to dire consequences. You need to stop the scammers, correct your records, and take the necessary steps to avoid further damage.
Here are some things you should do if your medical identity has been stolen:
There’s no denying that sophisticated hackers and fraudsters are after your health care information — either to sell for profit on the Dark Web or use to get illegal prescriptions and medical care. Once your health care records have been misused or altered, you could be misdiagnosed, receive the wrong medication, or lose access to treatments and medicine that you need.
One of the most effective ways to keep your sensitive information safe from scammers is to sign up for Aura’s all-in-one cybersecurity solution. Aura offers award-winning identity theft protection that will safeguard your personal details online — including up to three health insurance IDs.
And if the worst should happen, every adult member on your Aura plan is protected by up to $1 million in insurance coverage for eligible losses due to identity theft.