Stolen Medical Records Lead to Patient Identity Theft

AARP's fraud expert shares how to secure your personal health data

Adapted from Scam Me If You Can (Portfolio–Random House/AARP) by Frank Abagnale

The mail pile was predictably large when the Karpinsky family returned home from vacation in July 2018. But what wasn't normal was the amount of grownup mail addressed to little Gavin Karpinsky, who was just 5 years old.

“I wondered why there were so many advertisements addressed to him, but I ripped them up and tossed them and didn't think much about it,” recalls Heather, Gavin's mother. The next day, Gavin received two more envelopes in the mail, and she did the same thing.

Then the bombshell: The following day's deliveries included a collection notice addressed to Gavin, seeking payment for $200 in health and nutrition products ordered through a television infomercial. Heather called the company, and a representative said they'd spoken with Gavin — he was a regular customer. “I told the representative that Gavin was only 5 years old and could not even dial a phone!” she says. Shocked and frightened, she contacted the police.

Four days after she received that notice, the ugly truth came out. In May, Gavin's doctor's computer had been hacked, compromising the names, dates of birth, Social Security numbers (SSNs) and insurance information of 14 underage patients, including Gavin. Crooks had already used his information to open credit cards in his name and to make purchases. The police told Heather that the doctor's office was not liable; it had paid for a security system to handle its data, and that was where the breakdown had occurred.

The only way for Heather to protect Gavin was to obtain fraud protection through a credit monitoring service. He'll need it for the rest of his life. “I was told his information will continue to be sold on the black market and his medical identity can continue to be used,” Heather notes. “He's 5 — he shouldn't really have a credit report or a credit rating.” But since he does, he also has credit monitoring. Heather will have to watch Gavin's credit until he's an adult; then he'll take over.

Have you seen this scam?

  • Call the AARP Fraud Watch Network Helpline at 877-908-3360 or report it with the AARP Scam Tracking Map.  
  • Get Watchdog Alerts for tips on avoiding such scams.

“Protecting your medical identity is a burden that falls on the victim,” Heather adds. She wonders how hard it will be for her son when he grows up and wants to use a credit card or needs to prove his medical identity to new doctors. For now his credit is frozen, but his personal information and medical records are out there forever.

The Lessons

Everything a crook needs to commit financial identity theft — personal data such as your SSN and bank account numbers — sells for about $25 on the black market. But stolen health insurance and medical records can fetch about $1,000 per person. The greater potential yield of medical identity theft justifies the higher price. Older Americans are particularly vulnerable; Medicare billing scams cost taxpayers over $60 billion a year.

Here's how to protect medical data.

  • Monitor bank and credit card accounts and insurance-benefits statements for costs you didn't incur. Act promptly to correct records.
  • Treat your insurance numbers as if they're as sacred, private and valuable as your SSN.
  • Shred any medical paperwork you don't need to retain; that includes prescription-drug labels.
  • Avoid revealing on social media any surgery, medical procedure or visit to a specialist. 
