FRAUD RESOURCE CENTER
En español | Medical identity theft is when someone uses your personal information, especially a Medicare or health insurance number, to get treatment, prescriptions or medical devices, submit claims, or obtain benefits under your name.
It’s a growing menace: Cases of medical ID theft reported to the Federal Trade Commission (FTC) rose from about 6,800 in 2017 to nearly 43,000 in 2021. And it's a particularly insidious form of identity fraud, for a number of reasons:
- It can cost far more than purely financial identity theft. Federal law generally limits consumers’ liability for fraudulent credit card charges to $50, but there are no such protections for a stolen medical identity. Among victims of medical ID theft surveyed in 2015 by the Ponemon Institute, a cybersecurity research firm, those who lost money spent an average of $13,500 to resolve the problem, including legal as well as medical costs.
- It’s considerably harder to undo the damage. Financial and personal complications “can endure for years,” the World Privacy Forum said in a 2017 report, with many victims suffering “long term problems with aggressive medical debt collection” and severely impaired credit due to phony bills. Some even have faced prosecution because thieves used their identities to stockpile prescription drugs.
- It can harm your health as well as your finances, potentially causing treatment delays, incorrect prescriptions and misdiagnoses. As the FTC notes, “If a scammer gets treatment in your name, that person’s health problems could become a part of your medical record. It could affect your ability to get medical care and insurance benefits, and could even affect decisions made by doctors treating you later on.”
Medical profiles are a hot criminal commodity, fetching as much as $1,000 on the dark web compared to $1 for a Social Security number and $5 to $30 for a credit card, according to credit reporting agency Experian. They can be obtained by similar means: impostor scams, phishing, data breaches, fake offers of medical freebies, even crooks stealing your mail or going through your trash. But it’s often a matter of “friendly fraud”: In the Ponemon survey, nearly half of victims said their medical ID was used by a relative or someone else they knew.
- You get a bill for medical services you didn’t receive.
- You hear from a debt collector about a medical debt you didn’t incur.
- Your credit report includes health care expenditures you don’t recognize.
- An explanation of benefits (EOB) from your insurer or a Medicare Summary Notice includes office visits you didn’t make or treatment you didn’t receive.
- Your health plan says you’ve reached your benefit limit, citing treatment or services you did not get.
- Someone asks in a call or email for your Medicare or insurance number as part of a health care “survey” or offer of free medical products or services.
- Do shred outdated insurance forms, physician statements, prescription paperwork and other documents containing medical information before throwing them out. Keep electronic copies of such records secure.
- Do carefully review EOBs, bills and other correspondence from insurers and medical providers. If you see anything suspicious, such as a doctor’s name or treatment date you don’t recognize, notify your insurer immediately.
- Do ask your insurer at least once a year for a full list of benefits paid in your name.
- Do check your credit reports. Through the end of 2022, you can get one free report per week from each of the three reporting agencies (Experian, Equifax and TransUnion).
- Do get copies of your medical files if you believe you’ve been victimized, and act quickly to correct mistakes (see More Resources, below). You have a right to get your records from health care providers, although you may have to pay for them.
- Do file a police report, and give copies to your medical providers, insurers and the credit bureaus. It can help protect you if an identity thief starts using your information for fraud.
- Don’t jump on offers of free health services or products, especially if accompanied by a request for your Medicare or health plan number.
- Don’t provide medical or insurance information over the phone or in an email unless you initiated the communication and are certain of whom you’re dealing with.
- Don’t give medical or personal information in response to an unsolicited call or email from someone who claims to be from Medicare. A Medicare representative will call only if you initiated contact.
- Don’t answer questions from a caller who says he or she is conducting a health survey and needs your Medicare or insurance number.
- Don’t give your insurance information to a family member or friend, even if it’s to help them get treatment. Whatever the intent, it’s considered fraud against medical providers and insurers.
- If you’ve been a victim of medical identity theft, file a complaint with the Federal Trade Commission, online or at 877-438-4338.
- If the fraud is Medicare-related, report it to the U.S. Department of Health and Human Services’ Office of Inspector General, online or at 800-447-8477.
- The FTC’s fact sheet on medical ID theft includes a checklist of steps for obtaining and correcting your medical records in case of fraud.
Updated March 25, 2022
About the Fraud Watch Network
Whether you have been personally affected by scams or fraud or are interested in learning more, the AARP Fraud Watch Network advocates on your behalf and equips you with the knowledge you need to feel more informed and confidently spot and avoid scams.
More From the Fraud Resource Center