This Scam Could Cost You Your Life
There are few scams that can truly make a difference between life and death. Unfortunately, medical identity theft is one of those scams.
Here’s just one example: When agents from the U.S. Health and Human Services found Juan Seoane, they thought they'd caught the mastermind behind a $350,000 Medicare fraud [*].
Instead, they found an 84-year-old man close to death and living in squalor. As it turned out, Seoane was the unfortunate victim of medical identity theft. Scammers used his details to cash in while Seoane clung to life in a filthy room.
Medical identity theft can be devastating. So how do you know if you’ve been a victim of a medical scam, and how can you protect yourself?
What Is Medical Identity Theft?
Medical identity theft is a type of identity fraud in which someone steals your health insurance information to get illegitimate access to medical services, equipment, or prescription drugs, and/or submits fraudulent medical insurance claims.
The cost of medical identity theft can be astronomical. Almost two-thirds of victims report losing over $13,500 to fraudulent bills [*].
For some people, unexpected bills and loss of benefits could even cost them their lives.
As with other types of identity theft, scammers are after your personally identifiable information (PII). Over the past five years, healthcare data has become one of the prime targets of data breaches.
Protected health information (PHI) is worth upward of $1000 on the Dark Web. That’s more than 200 times the value of stolen credit card information and 1000 times the value of a stolen Social Security number (SSN).
Pro tip: Check to see if your sensitive and personal information has been leaked to hackers on the Dark Web using Aura’s Identity Guard Dark Web Scanner.
The difference between medical ID theft and other identity frauds
Medical identity theft offers thieves a long-term income. If someone applies for credit in your name, chances are, you’ll quickly notice — especially if you have alerts set up through an identity theft protection service.
But it can take years for victims of medical identity theft to realize they've been targeted. Often, you won't know until you visit the doctor's office or need urgent treatment at the hospital.
By then, a fraudster could have racked up thousands of dollars in fraudulent claims and hit your benefit limit.
What Are the Consequences of Medical Identity Theft?
Identity fraud of any kind can wreak havoc on a victim’s life for years. But medical identity theft is especially damaging.
Criminals can destroy your health insurance coverage and leave you without a safety net when you need it most.
Here are the five worst consequences of medical identity theft:
1. You’ll get billed for treatments a thief received
If someone steals your health insurance care or health plan information, you could get bills for medical treatments you never received. It’s tough enough to stay on top of your own medical bills without the prospect of picking up the tab for someone else.
2. You could experience delays in getting medical care
In the digital age, bad data can cause a tangled mess that takes time to solve. For people in need of urgent surgeries or treatment, such delays can cause immense stress. In the worst-case scenario, a patient might die while waiting for the authorities to sort out the mess with their health insurance plan.
3. You could lose access to your health benefits
Once they've gained access to your medical benefits, criminals will abuse your Medicare as much as possible. By the time you need it for yourself, "you" have exceeded your insurance coverage and no longer have access to the benefits you need.
4. You might face criminal charges
If someone steals your health insurance information and conducts a crime in your name, you might end up needing a lawyer. In 2018, a 68-year-old doctor was wrongly convicted of taking part in a conspiracy to commit Medicare fraud in Louisiana. He endured months in federal prison before the courts overturned the conviction [*].
5. You might get a misdiagnosis or incorrect treatment
Fraudulent treatments done under your name can completely change your medical information history. This could lead doctors to misdiagnose your actual conditions or give you treatments you don’t need.
How Do Medical Identity Theft Scams Happen?
Medical identity theft can happen to anyone. Considering how much information we share online, it's easy to see how people can fall victim to a scam.
To carry out healthcare fraud, thieves only need some of your personal information, such as:
- Date of birth.
- Contact information.
- Social Security number (SSN).
- Other personally identifiable information (PII). This includes your driver’s license or bank account information.
- Other personal health information, including your healthcare plan data or medical and prescription history.
Imagine you lose your wallet. If your SSN and Medicare card are inside, that’s all it takes for a criminal to start using your benefits or health plan.
Even if you keep your wallet safe, your identity remains vulnerable if you browse on unprotected devices. Hackers and fraudsters can use all sorts of emerging cyber threats to get access to your medical information.
Pro tip: Secure your devices and home network with a VPN that includes antivirus and Wi-Fi security.
There are several common scams that arise from medical identity theft. Typically, these scams fall under one of three categories:
- Insider fraud is when somebody in the Department of Health and Human Services uses a patient's information for fraudulent activity.
- Outsider fraud is when somebody unknown to the victim uses their personal information to commit healthcare fraud.
- Friendly fraud is when people willingly allow someone they know to use their information to commit medical fraud.
Once a thief has your information, they can carry out several scams, such as:
False representation is when an identity thief pretends to be you in order to get medical care at a doctor’s office, clinic, or hospital.
A famous example of this was the case of June Smith. Thieves billed the 72-year-old New Yorker’s Medicare for almost $50,000 — including a pregnancy test [*].
Illegally obtaining pharmaceutical drugs
Thieves can use stolen healthcare information to get drugs at a pharmacy. These drugs may be prescribed medicines or restricted items like opioids, which thieves can take for recreational use or sell.
In August 2021, Nicholas Brendon was arrested in Indiana for alleged prescription drug fraud [*]. The actor was driving erratically and showed signs of cocaine and amphetamine abuse.
When questioned, he purported to be his twin brother and showed a California ID. Officers uncovered the truth and arrested Brendon for claiming prescription by fraud.
Fraudulent health insurance claims
A scammer can use your identity to claim reimbursement for medical services or treatment that you never received. Quite often, this is insider fraud wherein providers profit from fake insurance claims using their patients’ personal information.
For example, Dr. Lilit Gagikovna Baltaian was indicted after running illegitimate medical insurance scams through at least four home health agencies [*].
Over $6 million was paid out on the fraudulent claims, leaving Baltaian facing the prospect of 10 years in federal prison.
Purchasing medical equipment
Another common medical identity scam occurs when criminals order expensive medical equipment to sell on the black market. In February 2022, two women were found guilty of their role in a massive Medicare fraud scheme in Boston [*].
The women falsified claims for durable medical equipment (DME) using Medicare patient data stolen from a range of call centers. By the time they were caught, they had made $107 million in fraudulent claims.
How To Protect Yourself From Medical Identity Theft
The best way to tackle medical identity theft is to be proactive about securing your sensitive information.
Here are four steps for you and your family to prevent identity theft:
- Safeguard your health insurance card and Medicare cards. You should treat these cards and all personal health information as you would a credit card or SSN. If you lose these cards, contact your health insurance company immediately.
- Protect your mail and online credentials. Never share your patient portal credentials with anyone else. You can opt for paperless bills to reduce the chance of mail fraud (like a change-of-address scam) leading to the exposure of your personal information. Another option is to get a locked mailbox to provide extra security for your sensitive information.
- Review the Explanations of Benefits (EOB) and all bills and notices. It’s easy to set bills aside without a second thought. Make a habit of reviewing everything related to your medical care.
- Monitor the medical records of your dependents. It’s important to protect your children and elderly family members who rely on you for support. Children are easy targets in medical identity theft because it’s easier for thieves to run a scam without detection.
Pro tip: Sign up for a family identity theft monitoring plan. Aura can monitor and alert you if someone is trying to scam you online or your family’s sensitive information — like your SSN — is being used for suspicious activity.
7 Signs That You’re a Victim of Medical Identity Theft
It’s vital that you know when your identity has been stolen so that you can react quickly and limit the damage of medical identity theft.
Here are seven warning signs indicating that you might be a victim of healthcare fraud:
- You receive unexpected bills from medical providers for services that you’ve never received. Be especially suspicious of medical bills in your child's name.
- You receive unexpected medical kits to your home. Julie Ponce discovered someone had stolen her Medicare card when she received test kits and paperwork for a hereditary cancer screening she didn't order [*].
- You receive calls from debt collectors for medical debts that you don't recognize.
- Your health insurance provider notifies you that you reached your benefits limit. Be especially wary if you know you haven’t made many (or any) claims.
- You notice mistakes or unexpected entries in your medical record, such as an incorrect address or date of birth. Look for fraudulent entries, like blood tests you didn’t have done or medications you weren’t prescribed.
- You receive a change of address confirmation from your medical insurance provider, even though you haven’t moved.
- Your insurance claim is denied because your medical records show you have a condition (that you don’t actually have). This is one of the worst consequences of medical identity theft, and could cost victims their lives.
How To Recover from Medical Identity Theft
- File a report at IdentityTheft.gov. The Federal Trade Commission (FTC) will take details of the fraud, create a recovery plan, and start an investigation. You’ll also get an FTC Identity Theft Report.
- File a police report with your local law enforcement. Notifying the police will increase the chances of catching the criminals before they target other people.
- Request copies of your medical records. Contact the individual doctors and healthcare institutions that may have your information. This includes clinics, labs, pharmacies, and hospitals. Ask for your medical records and insurance EOB statements. You might have to pay fees to obtain copies.
- Report any errors. When you review your records, make a note of any errors or questionable entries. Send a written letter to the healthcare provider to explain the issue and request that your records be amended. The provider must respond to the request within 30 days.
- Go through your credit reports. When you’re the victim of medical identity theft, there’s always a chance fraudsters have access to more of your information. For example, they could commit loan fraud and open credit in your name. Get in touch with the three credit bureaus (Experian, Equifax, and TransUnion) to get a credit report, so you can check for any fraudulent activity and start to repair your credit score.
- Set up a fraud alert or credit freeze. Notify the bureaus of the fraud and set up credit monitoring to receive notification of any attempts to open new accounts in your name. If you're worried, you can initiate a credit freeze to stop the approval of any new accounts.
Recent Healthcare Data Breaches: Were you Impacted?
Protected Health Information (PHI) is now the second most common type of information hacked in data breaches. In 2021 alone, more than 45 million people were affected by healthcare cyberattacks — and that number has tripled in the past three years [*].
If your data has been leaked or accessed by hackers, you could be at risk of medical identity theft.
Here are some of the most recent healthcare data breaches to be aware of [*]:
- Accellion FTA: At least 3.51 million patient records were stolen by hackers who found vulnerabilities in the legacy Accellion File Transfer Application (FTA). More than 100 companies were impacted, including 11 U.S. healthcare organizations, such as Health Net Community Solutions (686k), California Health & Wellness (80k), and Trinity Health (586k).
- Florida Healthy Kids Corporation: 3.5 million patient records were accessed including SSNs and financial information.
- 20/20 Eye Care Network: 3.25 millions records were accessed including SSNs, dates of birth, and health insurance information.
- Forefront Dermatology: 2.4 million records were accessed, while PHI from at least 4,431 individuals was compromised.
- NEC Networks (aka CaptureRx): 2.42 million records were accessed by hackers using a ransomware attack.
- Eskenazi Health: 1.5 million records were accessed and leaked including stolen driver's licenses, SSNs, passport numbers, , photographs, pharmacy records, and financial information.
- Kroger: 1.47 million Kroger clinic customer records were accessed including names, contact information, SSNs, insurance claim information, and some medical history information.
- South Denver Cardiology Associates (SDCA): Almost 300,000 patient files were accessed, including SSNs, health insurance information, and clinical information [*].
These are just some of the most recent healthcare data breaches, with more happening every single week.
Remember, you can check to see if your sensitive and personal information has been leaked to hackers on the Dark Web using Aura’s Identity Guard Dark Web Scanner.
Medical Identity Theft Is a Matter of Life and Death
It’s not an understatement to say that medical identity theft is possibly the most damaging type of identity fraud there is. Not only can this crime cost you money, but it could even cost you your life.
Of course, that would be an extreme scenario. But the reality is that the fallout from medical identity theft can be severe.
Keep your health documents secure from scammers. And for added protection, sign up for Aura’s identity theft protection plan. We’ll monitor your personal information for signs of identity theft and alert you of any suspicious activity.
And if the worst happens, you’re covered by a $1,000,000 insurance policy for eligible losses due to identity theft.