Adapted from Scam Me If You Can (Portfolio–Random House/AARP) by Frank Abagnale
En español | The mail pile was predictably large when the Karpinsky family returned home from vacation in July 2018. But what wasn't normal was the amount of grownup mail addressed to little Gavin Karpinsky, who was just 5 years old.
"I wondered why there were so many advertisements addressed to him, but I ripped them up and tossed them and didn't think much about it,” recalls Heather, Gavin's mother. The next day, Gavin received two more envelopes in the mail, and she did the same thing.
Then the bombshell: The following day's deliveries included a collection notice addressed to Gavin, seeking payment for $200 in health and nutrition products ordered through a television infomercial. Heather called the company, and a representative said they'd spoken with Gavin — he was a regular customer. “I told the representative that Gavin was only 5 years old and could not even dial a phone!” she says. Shocked and frightened, she contacted the police.
Four days after she received that notice, the ugly truth came out. In May, Gavin's doctor's computer had been hacked, compromising the names, dates of birth, Social Security numbers (SSNs) and insurance information of 14 underage patients, including Gavin. Crooks had already used his information to open credit cards in his name and to make purchases. The police told Heather that the doctor's office was not liable; it had paid for a security system to handle its data, and that was where the breakdown had occurred.
The only way for Heather to protect Gavin was to obtain fraud protection through a credit monitoring service. He'll need it for the rest of his life. “I was told his information will continue to be sold on the black market and his medical identity can continue to be used,” Heather notes. “He's 5 — he shouldn't really have a credit report or a credit rating.” But since he does, he also has credit monitoring. Heather will have to watch Gavin's credit until he's an adult; then he'll take over.
"Protecting your medical identity is a burden that falls on the victim,” Heather adds. She wonders how hard it will be for her son when he grows up and wants to use a credit card or needs to prove his medical identity to new doctors. For now his credit is frozen, but his personal information and medical records are out there forever.
Everything a crook needs to commit financial identity theft — personal data such as your SSN and bank account numbers — sells for about $25 on the black market. But stolen health insurance and medical records can fetch about $1,000 per person. The greater potential yield of medical identity theft justifies the higher price. Older Americans are particularly vulnerable; Medicare billing scams cost taxpayers over $60 billion a year.
Here's how to protect medical data.
- Monitor bank and credit card accounts and insurance-benefits statements for costs you didn't incur. Act promptly to correct records.
- Treat your insurance numbers as if they're as sacred, private and valuable as your SSN.
- Shred any medical paperwork you don't need to retain; that includes prescription-drug labels.
- Avoid revealing on social media any surgery, medical procedure or visit to a specialist.