Does Medical Identity Theft Make You Sick?

 By Catherine Powell

Image courtesy Pixabay

Identity thieves continue to prey on the public by hijacking their victim's good names for profit.  In 2022 alone, ID thieves managed to steal $10.2 billion from 1.4 million Americans according to statistics published by the National Council on Identity Theft Protection.  If that isn't bad enough, the council predicts that by 2029 the cost of identity theft protection is expected to skyrocket to $29 billion.  While protecting your personal and financial data is vital to keeping you and your family from being victimized by identity thieves, lately there has been an even more insidious form of ID theft that has reared its ugly head: Medical Identity Theft.  What's even worse than the financial damage this form of fraud can cause is that it's even easier to commit and harder to prevent.

HCA Healthcare hack exposed 11 million patients personal identification data.

According to a July 10 report by CNBC, one of the nation's largest healthcare companies admitted that critical personal information stored on the company's computers had been stolen by hackers.  The hack involved the theft of more than 11 million patient records in 7 states from dozens of HCA facilities including Texas and Florida.  While this isn't the only healthcare company whose data has been stolen, according to CNBC, "This could be one of the biggest healthcare-related breaches of the year and one of the biggest of all time."

What can thieves do with purloined medical data, you ask?  Several things.  They may choose to sell the stolen data on the dark web.  Or, they may simply use it to impersonate you in order to make you pay for treatment they receive.  Don't think it can happen to you?  Neither did Evelyn Miller, a retired healthcare administrator.  According to a recent NPR Health News article, she didn't realize she had a problem until she received a text from a hospital emergency department letting her know the wait time for treatment would be between 30 minutes to an hour.  That was news to her, since she wasn't in the ER at the time.  She wasn't even living in the same city as the hospital that sent her the text.  Thinking the message was sent in error, she made the mistake of ignoring it instead of calling the hospital immediately.  It wasn't until the next day that she realized she had a problem when someone from the hospital called to discuss the results of "her" ER visit.  It turns out someone had fraudulently used her healthcare information to avail themselves of services.  After explaining this fact to the staffer, who called her she was assured that the problem would be taken care of.  The following week she received a bill for $3,600.

Image courtesy Pixabay

While it seems preposterous that someone can waltz into an emergency room, a clinic, or a doctor's office to get treated by using fraudulent medical information, the practice has become all too common.  In 2022, some 27,821 cases of medical identity theft were reported to the Federal Trade Commission.  While this figure is far less than the 5.7 million traditional identity theft reports filed that same year with the FTC, the results can be more serious when you consider the cost of healthcare in this country. Where the average cost of ID theft in 2022 was $1,200, the same year saw 65% of healthcare ID theft victims being hit for $13,500.  

While both kinds of ID theft can result in financial loss, healthcare ID theft can also:

• make it difficult for victims to receive their prescriptions.
• ruin their credit if unpaid bills go to collection.
• allow criminals to file fraudulent insurance bills to the victim's healthcare provider.
• in worst case scenarios it has been known to cause the police to come knocking on a victim's door.

What makes healthcare ID theft even more onerous is the fact that the fault may not be the result of a security lapse committed by the victim.  If any healthcare provider you see should get hacked, a lot more than your healthcare records could be compromised.  Many medical records contain such data as your name, age, address, phone number, and social security number.  If you pay for treatment via credit card, this data may also be stolen only to be sold or used by hackers.  

What can you do if you suspect that your healthcare information has been compromised:

1. Don't wait to take action.  Every minute counts, since hackers can and will either use or sell the information as soon as possible.
2. If you aren't sure which of your healthcare providers was hacked, contact every provider you've seen  to alert them to the problem.
3. Call your health insurance company right away to let them know you believe your healthcare information may have been compromised.
4. Alert all three credit reporting bureaus, or better yet, freeze your credit so nobody can use your data to open fraudulent credit accounts in your name.
5. File a report with the police.
6. Go to the FTC's identity theft site to file a report.
7. Keep track of any notifications you receive from all your healthcare providers.  
8. Consider subscribing to a credit monitoring service that will alert you to any suspicious activity.

Image courtesy Pixabay

Even though healthcare ID theft hasn't yet become as much of a clear and present danger as more traditional forms of ID theft, since it's so lucrative it's clear that this form of fraud is a growing menace.  Take steps to protect your medical data including shredding any medical bills or correspondence you receive from the providers you frequent.  Check your credit report regularly. Make sure you don't ignore any early warning signs of healthcare ID theft.  Do whatever it takes to keep this fraud from happening to you, since this is one crime that should make you sick.

Catherine Powell is the owner of A Plus All Florida, Insurance in Orange Park, Florida.  To find out more about saving money on all your insurance needs, check out her website at http://aplusallfloridainsuranceinc.com/