5 true & terrifying cases of medical identity fraud

FeaturedHealth & FitnessMoney

Written by:


All types of identity theft are a pain, but none more so than medical identity theft. If a criminal steals your personal information for their medical use, it could mean not only that your credit gets ruined, but also that your life is threatened by false medical records. That’s a worst-case scenario. Yet, it doesn’t hurt to be prepared, especially since medical identity theft is becoming more common. A study in the Journal of the American Medical Association showed that between 2010 and 2017, the number of medical ID theft cases rose almost every single year.

What is medical identity theft?

Medical identity theft occurs when someone uses your personal info for medical care or medical insurance claims. This can seriously harm your credit, alter your personal medical records, mess up your insurance policy, and cause you major embarrassment. It can also lead to higher out-of-pocket costs for the medical procedures that you need.

Medical identity theft statistics:

  • 27% of data breaches were related to medical records in 2017.
  • 65% of victims needed almost $13,500 to pay off fraudulent bills.
  • Of victims studied, 3% lost their jobs.
  • 23% purposely gave their healthcare info to someone they knew to help them out.
  • Family members committed 24% of medical identity theft without their family’s knowledge.
  • Only 10% of victims were completely satisfied with how their situation resolved.
  • 30% of victims had no idea when the identity theft occurred.

How does medical identity theft happen?

For this type of identity theft to occur, thieves need access to your personal info. These are just a few of the ways they can steal your information for medical identity theft:

Physical records or insurance cards

For the most part, people are very careful with their medical and insurance records. Unfortunately, when patients or their healthcare providers are negligent, thieves can steal personally identifying medical info.

Electronic Health Records (EHRs)

Almost every healthcare worker in a hospital can access patient records. If any of them have ill-intent, they could simply take your records while they work.

Data breaches

Large medical databases are susceptible to hackers. Criminals have good reasons to target medical records, too – they fetch a high price on the black market. Through various methods of online identity theft, thieves will break into secure databases and steal thousands of records.

It’s Coming From Inside the Hospital

One in five healthcare workers say your personal data is worth between $500 and $1,000, says a poll.

Another 24 percent know someone at work who’s selling their patients’ information, according to solutions company Accenture.

“Health organizations are in the throes of a cyber war that is being undermined by their own workforce,” says John Schoew, leader of Accenture’s North American health and public service security practice. “With sensitive data a part of the job for millions of health workers, organizations must foster a cyberculture that addresses these deeply rooted issues so that employees become part of the fight, not a weak link.”

And that’s just the most egregious of cybersecurity flaws in the healthcare industry.

Healthcare cyber warfare

Hospitals and doctor’s offices had to spend $12.5 million each, on average, last year. Employees selling confidential information is arguably the most malicious mistake made. But, there are many others that put you at risk.

Eighty-eight percent of healthcare workers are trained not to hand write their username and password credentials. And if they do, avoid leaving them next to work computers. However, 17 percent still do. Even worse, those who frequently receive cybersecurity training are more likely to. A quarter (24 percent) of regularly trained healthcare workers make that mistake.

Those are just problems from inside the healthcare industry. Patients still need to be concerned with outside threats.

McAfee, a cybersecurity company tracks more than 478 new cyber threats per minute, according to its latest threats report. The healthcare industry experienced a 211 percent increase in cybersecurity incidents last year alone.

Weak medical software, and lack of security efforts contribute to incidents in the healthcare industry, McAfee says.

“Healthcare is a valuable target for cybercriminals who have set aside ethics in favor of profits,” says Christiaan Beek, McAfee lead scientist and senior principal engineer. “Both health care organizations and developers creating software for their use must be more vigilant in ensuring they are up to date on security best practices.”

But, where is medical identity theft most often to happen?

The most vulnerable

In 2016, there were 16 million patient records stolen in the U.S., according to a study published in the American Journal of Managed Care(AJMC).

Medical education, pediatric hospitals and large hospitals — with more than 400 beds — experience more data breaches, than privately owned, for-profit hospitals, the study says. There were 215 data breaches in 185 urgent and acute care clinics, that affected 500 or more people, AJMC’s study says.

Hospitals with data breaches versus those without

This shows how frequently some hospitals are hacked.

  • Teaching hospitals: 16 percent with a breach vs. only 3 percent without a breach
  • Pediatric hospitals: 6 percent with a breach vs. 2 percent without a breach
  • Larger hospitals: 26 percent with a breach vs. 10 percent without a breach
  • Private for-profit hospitals: Only 15 percent vs. 22 percent without a breach

The use of electronic health records contributes to 19 data breaches, affecting 44,805 people. Lost or stolen laptops from hospitals contribute to more than double the incidents, with 51 data breaches that affected 380,699 people.

Throughout the 7-year long study, researchers noted that hospitals spent more money updating their electronic health records systems. However, hospitals neglected to invest in increasing cybersecurity efforts. They also noted that hackers shifted interests from selling data, to threatening to shut down online systems in hospitals by holding data for ransom.

Which is interesting. As McAfee has pointed out, Ransomware cases increased by almost 60 percent last year.

How to know if you are a victim of medical identity theft

If someone stole your medical information, find out as soon as possible. Keep an eye out for these signs:

Bills for medical services you didn’t receive

If a bill shows up in your mailbox for a medical service you never actually received, then someone may have used your insurance for their own medical care.

Incorrect info on your Electronic Health Record (EHR)

Your doctor keeps an EHR with all of your health information on it. If the doctor mentions something on the EHR that you know is wrong, it’s possible someone used your insurance for their own treatment.

Maxed out policy that doesn’t make sense

Say you’ve only had a few medical appointments this year. Then you get a call from your insurance company saying that your plan is maxed out! Before you blame the company, find out if someone else used your plan.

Calls about medical debt you don’t owe

If you receive a call about paying your medical debt when you know you don’t owe any medical debt, an identity thief may have gotten procedures in your name.

Unfamiliar collection notice on your credit report

In the same vein as collection calls, a collection notice on your credit report for a medical debt you never incurred is a sign of medical identity theft.

Denial of insurance because of a condition you don’t have

When you try to get insurance, companies will review any preexisting conditions. If you are denied because of a disease or condition you aren’t afflicted with, an identity thief could have used your name for coverage.

Medical identity theft cases

Just in case you needed solid evidence of how bad medical ID theft really is, here are some stories that made the news:

Drugs on someone else’s dime

In 2008, someone stole Deborah Ford’s purse. In 2010, she heard about a warrant out for her arrest for something she had never done. Someone used Ford’s info for fake prescriptions to get 1,710 codeine and hydrocodone pills. The charge was on Ford’s record for 5 years.

A liver transplant on a different policy

Amira Avendano-Hernandez couldn’t afford a new kidney. She decided to buy someone’s SSN on the black market and get it anyway. The victim had no idea that her identity was being used by someone else until she was contacted by authorities.

The baby that wasn’t hers

A baby was born in a Utah hospital and tested positive for methamphetamine, alerting Child Protective Services. CPS contacted Anndorie Cromar, mother of four. They told her they knew about her drug addiction and all four of her kids – plus this new baby – were in danger. Cromar hadn’t given birth in years. Finally, she found out that the drug-addicted mother had used her stolen driver’s license to commit medical identity theft.

Bad credit, worse allergies

Ronnie Bogle is allergic to penicillin. His brother Gary, who stole Ronnie’s medical identity, is not. If he required emergency treatment and was treated with Gary’s info on his record, penicillin could have killed him. Luckily, this didn’t happen. But Ronnie is still fighting over his records with multiple hospitals.

Blood donation denial

Nikki Gordon wanted to donate blood at her high school’s blood drive. Turns out, the 17-year-old couldn’t donate because her records said she tested positive for AIDS. Gordon was positive this was false. After her initial surprise, she discovered that someone in California was using her Social Security number for medical treatment.

Even Medical Devices Aren’t Scam-Free

If you know someone who has a pacemaker, they’ve probably been hacked.

Just because you’re not on the internet doesn’t mean that you can’t get hacked. Security firm WhiteScope says there are more than 8,000 existing security flaws from four different pacemaker manufacturers. This massive issue comes from third-party programmers allowing outdated software vulnerabilities instead of regularly updating their systems to protect users against scammers.

The study found that in all cases, programmers had non-encrypted file systems with removable media. This makes it easy and quick for scammers to hack into pacemaker programs to steal data.

Along with that, none of the systems require physician approval to update or change pacemaker information. That means anyone can hack into pacemaker programs and manipulate data without any sort of doctor authentication.

Imagine if someone could open your phone without a passcode or log into your computer without a password — and we’re talking about your heart here, not just your photo collection.

“Pacemaker systems are ‘system-of-systems,’” WhiteScope says. “There are essentially four components to modern pacemaker system deployments: the pacemaker devices, pacemaker programmers, home monitoring systems, and the supporting/update infrastructure.  All components are vital to the safe functioning of the pacemaker system.”

The report says the Food and Drug Administration has attempted to streamline updates but all programmers they studied had outdated software in need of major updates. One vendor alone had 3,700 vulnerabilities. In two separate instances, WhiteScope says they found actual non-encrypted personal information of patients in their findings, including Social Security numbers, full names, and medical data. The study says there is no vendor that is better than the others; they’re all bad.

This isn’t the first time pacemakers and other medical devices have had their security flaws exposed. This study names others as far back as a decade ago that detail how a lack in security was a threat to patient safety.

Unfortunately, nothing has changed to make these medical devices safer, even as we’ve all become more reliant and comfortable using digital systems and identity theft risks have grown exponentially.

Medical data keeps getting stolen

Medical hacks are nothing new. The more technology develops to make obtaining our personal medical data more accessible for us, the easier it will be for hackers to steal it.

A quarter of Americans have had their medical data stolen, and one-third of those hacks have happened inside the hospital. Like the pacemakers, if doctors and other health care providers don’t make drastic changes to how their systems are built and maintained, this will continue to happen. And the more it happens, the more financial loss we suffer.

It’s not just medical data, though. All our personal information is prone to theft regardless of where it is stored. Even your money is liable to get stolen straight from the bank these days.

More than half of Americans have been a victim of identity theft or know someone who has been a victim. Even with how common it is, Americans still don’t think they will be a victim — half don’t take any sort of precautions to protect themselves from hacks.

Unfortunately, companies aren’t looking to fix this anytime soon. Businesses would rather beef up the security measures they can see — the physical ones — rather than the ones they can’t. Many companies know that cyber attacks are coming, but very few are doing anything about it. Just like pacemaker manufacturers and programmers, companies still aren’t preparing for online hacks, even though they know they are coming. Vigilance is all on us.

How to prevent medical identity theft

There are (fortunately) plenty of ways to keep your medical information safe from identity thieves. Start using these tactics to safeguard your identity:

Check Explanation of Benefits/Medicare Summary Notice

Medical insurance providers send out orms that outline what treatments they paid for in the last year. Discrepancies between your own records and these forms could be mistakes, but may alert you to identity theft.

Correct errors in medical records

If you find errors in your records, your next step is to send mail about the errors to both your doctors and your insurance provider. The Federal Trade Commission (FTC) has a succinct guide to correcting medical record errors on their medical identity theft page.

Protect your SSN and medical insurance info

Keep your personal information safe. Both your Social Security number and your insurance information can be used for medical identity theft.

Ask for a replacement number if you lose your card

Instead of just asking for a new card, ask for a new number as well. Someone could be using your lost card, and things will get messy if you keep the same number.

Shred medical documents before disposal

Treat your medical documents no differently than your other confidential papers. If you’re throwing some documents out, also shred them beforehand.

Keep your own records

Your healthcare providers keep records of your visits and procedures. Do you? Start taking notes on your medical care. Then if something is wrong on your records in the future, you will have something to compare it to.

Don’t give your information over the phone

Medicare will never call you. Keep your information safe and don’t share it on the phone.

Responding to medical identity theft

Hopefully you never experience the nightmare that is medical ID theft. For those unlucky patients, here are five things you can do after you discover you’re a victim:

Contact your insurance provider

When you notice a sign of medical fraud, the first thing you should do is call your insurance provider. If the sign you noticed was actually a mistake by your provider, then calling them will help you find out.

Request copies of your records

Ask for records from the places where the medical fraud may have occurred. You will need all of the evidence you can get.

Get an accounting of disclosures

An “accounting of disclosures” tells you who received your medical records from your healthcare provider. You get one free accounting of disclosures per provider per year. This will show you the places that got your fraudulent records.

Report it on IdentityTheft.gov

Once you’ve confirmed that someone else is using your medical info, go to IdentityTheft.gov to report it. This website, created by the FTC, will generate a recovery plan for you.

File a police report

Only 40% of medical fraud victims reported the identity theft to law enforcement. Even if you’re not sure it will help, file a report for your own safety.


This article originally appeared on Debt.com and was syndicated by MediaFeed.org.

More from MediaFeed:

8 technologies that are changing the future of health care


Computing power, tech, and science are all advancing at a breakneck pace — but innovation also breeds uncertainty. For example: It’s possible to genetically engineer babies, but lawmakers don’t understand what’s happening well enough to propose rules or laws about how the practice should be used.

Right now there are cancer therapies that take a patient’s T-cells and reprogram them to hunt down the cancer cells. But even though the FDA has already approved this treatment, the practical questions of how the therapy should be used — and who should have access to it — loom large and unanswered.

That said, as we survey the intersection of advancing tech and healthcare, there are eight significant innovations that seem to point toward more effective healthcare system.

On their own, each innovation is exciting. But when taken together, these eight trends have the power to completely disrupt the healthcare industry as we know it.

In my book, Need To Know, I share practical and objective strategies for navigating the flaws of our current healthcare system, along with predictions and guidance for its ever-changing future.


ipopba / istockphoto


As predicted decades ago, we’re now seeing the Internet of Things, where products containing sensors with microchips can communicate via the Internet.

One advantage of the IoT is the ability to quickly collect large amounts of data. This could change the way medical care is delivered by making it more proactive.

By having access to real-time data delivered by the IoT, healthcare providers can identify issues before they become critical and provide intervention, which has the potential to save countless lives.

Imagine being able to detect cancer within minutes. The IoT and its sensors and networks can help identify leading indicators, as opposed to lagging indicators.

With cancer, a colony of cells develop before a tumor grows. However, the right sensor can detect and monitor these colonies, and help identify cancerous growth or activity far before it becomes life-threatening.





Cloud computing (or the “cloud”) consists of a network of connected sensors and processors that work together online. Many of us utilize cloud services like Dropbox or Google Drive to have access to our files on any device no matter where we are.

Cloud computing not only solves the time/distance problem but allows you to add computing power anytime you need it since the servers are networked.

The big advantage for the healthcare industry is that doctors now have the ability to anticipate things before they happen and make faster, more accurate decisions.

As more people begin to suffer chronic conditions, being able to anticipate problems and make faster diagnoses based on the data is critically important.



Markus Spiske / Unsplash


Three-dimensional printers are like little on-demand factories that will fundamentally disrupt the supply chain of products worldwide as they become more prevalent.

The practice of making something in a factory, shipping it around the world, and delivering it to a brick-and-mortar store to reach consumers is going to radically change.

Three-dimensional printers will be able to print many different things—even our food.

Being able to produce enough food to feed eight billion people, especially proteins from animals, is a problem we’re going to have to face. With 3D printers, we can help remedy this issue by printing meat-like food items using sources like bean protein.

There are even companies using 3D printers to produce human organs like ears and noses. The possibilities are almost endless.



Ines Álvarez Fdez / Unsplash


You’re probably familiar with industrial robots, which build things like your car.

But have you heard of nanobots?

Nanobots are tiny robots that can be put inside the human body to help fight against disease.

Robots help outside the body, too. There’s an exoskeleton now that augments a broken spine and allows people to walk who were previously bound to a wheelchair.

Artificial limbs – the idea of which were recently limited to only the most ambitious science fiction – are now commonplace.

We know drones can deliver packages to your home, but they can also save your life.

Recently, off the coast of Australia, a drone was used to drop a floatation device to swimmers who were at risk of drowning, and this saved lives. Swedish researchers are also using drones to drop defibrillators to people who are in cardiac arrest.



Rafal Jedrzejek / Unsplash


One of the biggest ways AI will improve our health is through driverless cars.

Over 37,000 people a year die in car accidents, often because of human error. Driverless cars will make fewer errors than humans, reducing the numbers of wrecks and deaths.

AI will also be able to detect things that human caregivers miss.

Take radiologists for example, who evaluate medical images using two eyes and their brain. AI, on the other hand, can spot things the radiologist misses because it has better sensors and access to all the radiology studies that have ever been done.

Finally, AI will remove the need for medical professionals to perform mundane and time-consuming tasks, allowing them to put more effort into developing and implementing personalized care for each of their patients.



wigglestick / istockphoto


Every day, scientists are creating materials that have never been seen before. As more research is conducted, once expensive materials are also coming down in price.

For example, there are a significant amount of people that have titanium hips.

As the field of material science evolves, the practical applications of these materials are only going to become more significant and impactful..

For example, there now exists a gel that spurs the growth of nerve cells and could eventually be used to regrow lost or damaged brain cells.

One day we’ll likely be able to replicate natural materials like collagen, nanocellulose, and resilin, and use them to make stronger, longer lasting artificial hearts.



alex-mit / istockphoto


Virtual and augmented reality is an exciting field, and its technologies can be used in many different ways. The entertainment possibilities should be obvious, but it’s an obvious fit for military and medical training, along with education.

In the medical field, VR and AR technologies are already used in teaching and demonstrations. For example, there are special glasses one can wear to simulate looking and interacting with cells that are inside the human body.

Patients can also swallow a camera sensor that images their digestive tract as it passes through it, giving doctors a chance to explore it in detail using VR.





Synthetic biology is all about genetic reprogramming.

There was a case where a child had leukemia. All the treatments had failed, but doctors were able to take out T cells and send them to a lab where their DNA was altered.

They put a message in the cells to allow them to recognize cancer and injected those T cells back into the child. It was an experimental treatment, and although there were some safety concerns at the onset of treatment, the treatment worked flawlessly.

Another example: adding computing power to the mapping of the human genome will enable the reprogramming of cells, but that leads to significant ethical questions. Should we have designer babies?

If we’re able to edit genes, will we see a world of rich people who can take advantage of that technology and poor people who can’t? The laws and regulations around this technology will be very interesting to watch unfold.


This article was syndicated by MediaFeed.org.



Pixabay / Pexels.com


Featured Image Credit: fizkes / iStock.