Have you ever heard of medical identity theft?
For those who haven’t, it may sound less concerning than financial theft. It looks like a subcategory with no consequences nor interest outside healthcare.
But appearances are highly deceiving: medical fraud can cost more than just money. It’s easy to underestimate the risk until it’s too late.
For the sake of this explanation, imagine you have an accident and require urgent attention. You arrive at the hospital in critical condition only to find out someone has already consumed your medical coverage.
In America, thousands of victims pass out every year because they refuse to receive some treatment they cannot afford. Knowing how interested scammers are in stealing those medical funds, bankruptcy is almost inevitable.
Worst of all, medical identity theft takes years to uncover. Victims can spend a lifetime trying to undo the damages.
What Is Medical Identity Theft?
What if someone is selling your personal information somewhere in the deep web? Right now, someone could be using your money and data for a medical operation.
For treatment, people require PII, Personal Identifiable Information. Someone who accesses private data would have everything needed to mimic your identity.
But does it really cost you?
- You could lose all your money and accounts.
- Identity theft can trash your credit score and online identity.
- If the effect is severe, hospitals may limit your medical services.
- An identity thief can alter your medical data. If you use healthcare services with the wrong reports, the treatment could kill you.
When it comes to your health, identity theft could cost your life. Why trust healthcare providers without data protection?
Don’t worry. Identity theft isn’t hard to avoid. What leads to costly mistakes is the lack of prevention.
It doesn’t mean you can’t recover from identity theft. However, it will limit your medical services. Even the smallest procedures may take extensive verification.
Why Medical Identity Theft?
When stealing patient identities, the fraudster often affects the system itself. Hacking into a hospital database may correlate with equipment malfunction, thus putting countless lives at risk.
Although these con men disregard ethics, they have better motivations to endanger people:
- Profit. Money is the reason over two million identities get stolen every year. In the deep web, the black market prices SSNs at ~$1-$5, credit cards at ~$100, and medical PIIs for $1000 or more. Breaching a hospital could get you hundreds of those contacts: probably a five/six-figure scam.
- Stealth. These days, people are well aware of identity theft. As soon as reports don’t match, you get a warning and proceed to secure the account. That’s not the case of invisible medical fraud. The perpetrator will never get caught, and the scam can take years to detect.
- Lasting effects. Most actions have permanent effects, which means scammers can keep their stolen money/identity safely. It also means the victim suffers losses and may never recover from fraud completely.
- Unsecured networks. Some centers still fail to give cybersecurity deserved attention. Hackers take advantage of small providers who may lack the training or technology to encrypt patient’s data.
Medical Identity Theft: Red Flags
Unlike financial fraud, there’s no direct way to recognize the medical scam. If you fell for this scam, you wouldn’t find the con until years later, long after the scammer disappeared.
The next time you visit a medical center, these warning signs will tell whether you can trust or not:
#1 Online data request
New technologies bring comfort, but they cannot replace real communication. If you provide documents in person, you know who is receiving them. On the Internet, anybody can pose as your healthcare provider and steal your information.
Centers requiring virtual registration often share ambiguous addresses and services. You’re signing with a provider when you never visited their building, which may not exist.
To avoid phishing threats, make sure you talk to a real person in a legit firm.
#2 Free services
A provider is offering free tests/treatments once you sign up for their program. However, they request private medical information to register. The “free” service ends up turning into identity theft.
Just because you don’t pay for your data, it doesn’t mean it’s free. It’s also unrealistic to deliver free services to any person who comes in. Why would they do it?
#3 Special provider
You talked to multiple providers, but none of them matches your needs. Perhaps you disagree on price, or they refuse to make a treatment because of your medical background.
After hours of searching, you stumble upon a medical add that sounds too good to be true. Since you have nothing to lose, you contact them. They meet your standards!
So they become the only provider who accepts the operation, which makes us think: why are they different? Aside from the deal, you don’t find anything that clearly shows how they are better.
When an offer varies from the market standards too much, you want to consider whether it’s a scam. If not, why has nobody heard of them before? Why do they have no online presence nor customer reviews?
#4 Wrong invoice
A payment collector calls seeking payment for medical services. However, you never receive any of the operations they mention. Could someone have done it using your identity?
Arguing with the collector wouldn’t help, because they are just as confused as you are. They act based on what the numbers show, and if someone manipulates the data, they won’t know.
#5 Explanations Of Benefits (EOB)
Some people default to invoices and ignore payment-unrelated notices, such as EOBs. But before you pay your provider, you should know what those services are. We may assume the numbers are evident and require no revision, but the EOB may show a different story.
The EOB statement displays the costs covered for medical care based on products/services bought. If you don’t recognize some of them, ask your provider to revise it. If they say you indeed received that treatment, then someone may have stolen your identity.
Types Of Medical Identity Theft
#1 Medical Center Hackers
At the end of the day, no brand is 100% safe, no matter the measures. You can only reduce your risk, not remove it. Scammers choose the easiest target: small providers with no training nor technology.
If you find a small provider offering a better price, remember than you may be risking your data protection. The provider itself isn’t a scammer but exposes to more risk. Hackers data-breach these centers to collect hundreds of patient PII’s.
It doesn’t mean it cannot happen to an established, secure medical brand. It’s relative to risk and reward (read about the Fraud Triangle).
#2 White Collar Crime
Now, hacking stands for a tiny part of medical fraud. It may seem like professionals are honest people trying to do everything right. But experts make mistakes too, and sometimes on purpose.
Apart from brand reputation, you don’t know whether the professional will do a good job. What are their intentions? Is the equipment working well? Could the manager have made a mistake when hiring?
Suppose a health insurer requests sensitive information before you even registered. Perhaps they make you pay before you receive the service. Everything points to potential identity theft and advance fee fraud.
Although unethical employees get fired fast, you may still have bad luck to deal with one.
#3 Medical Provider Fraud
Dishonest providers may take advantage of under-insured clients. They might request upfront payments, even manipulate reports to charge for services you didn’t receive.
They may file false insurance claims and reimburse for procedures never performed. When you get the invoice, they justify it as an add-up cost for uninsured patients, which has no basis.
#4 Fake Professionals
An imposter who poses as a medical center sells you a manipulated offer. You think you’re dealing with the provider, when in reality:
- There’s a third person between you and the provider
- The real provider partially communicates with the “associate.” They see him as a client.
- You never meet the actual provider, who doesn’t know anything about you.
Middlemen scams allow scammers to borrow the brand’s reputation to convince others. Because they stand for that company, they prove a good reputation and a service that exists (but the offer doesn’t!).
Because they won’t deliver any service, they can price it for a lower price, thus attracting clients. When they pay the associate, he sets them the appointment with the actual provider, collects the money, and walks away.
- You didn’t pay your provider, but another person. Consider the payment the last moment you will ever see the con man.
- When you visit the center, the provider tells you the real story.
- Weeks after the scam happened, you may find unrelated notices and charges. If you shared private information with the associate, he might have stolen you more than money.
#5 Medicare Phishing
Con men can disguise as any major healthcare brand with the right skills. They will use any imaginable hooks to make sure you open their email, click on the link, and fill up their form.
- Your health insurer is refunding you several hundreds of dollars.
- You receive a paid invoice from treatments you didn’t receive/request.
- You find a warning to update your healthcare information because “someone has compromised your account.”
The next time you receive such emails, do:
- Consult with a real employee, preferably on the phone.
- Beware of the phishing red flags and take preventive measures.
- Follow the email steps if it’s legit, and delete it if it’s not.
#6 Treating With Fake Identity
Fake professionals sell services they don’t have and collect your payment. But sometimes, they make you pay the provider and get a free treatment.
They just visit the medical center and inform me about the price and documents needed. They then come to you disguised as the provider with the same offer. You give them what’s requested and wait for your scheduled appointment (which will never happen).
The con man uses your information and money to pay himself an operation, a product, or some surgery. Once you find out about identity fraud, the scammer has already received treatment and walked away, with no refunds available.
How To Stay Safe From Medical Identity Thieves?
Communication solves everything. If you’re going to trust your health to someone, make sure to ask enough questions and prevent risks:
#1 Don’t make yourself a target.
Avoid sharing in public (or online) the medical procedures you plan for the near future. Scammers will look at you as an ideal victim.
When talking to the doctor, people have a good habit of bringing more documents than needed in case they forget something. However, you should not offer redundant info that may lead to a compromised identity. Seriously, do they need your SSN, driver’s license, or credit card on the first check-up?
#2 Check your health insurance status quarterly.
Things can go wrong, whether it’s a scam or a processing mistake. The sooner you realize the error, the less money it will cost you. It’s a responsible practice to check your reports periodically just to make sure everything makes sense.
You don’t want to find out too late, because then it may be harder to undo the mistake. Check your health insurance status like you would check your credit score: once a year, if not quarterly.
#3 Get document backups
After a thief alters your medical data, it can be confusing to prove what information belongs to you. And receiving treatment with wrong biological data is never a good idea.
Having copies from your medical documents will save a lot of time you’d otherwise spend redoing the tests again. Without the copies, the identity damages could last years.
#4 Choose large reputable providers
Although it may cost a bit more, remember you’re paying for data protection as well. It may seem like scammers aren’t interested in small providers when it’s actually the opposite.
Brands that value cyber protection will likely have a backup plan in case things go somehow wrong.
#5 Keep your data private
You don’t want to spot medical identity theft when you’re in the hospital only because someone breached your information two years ago. Start protecting today to avoid complications:
- Keep medical documents in a safe spot. Delete virtual notices after reading/responding, and shred any papers after revising them.
- Check your Explanation Of Benefits and ask your insurer to update you every few months.
- When someone requires your SSN, only provide the last four digits.