How To Prevent Medical Identity Theft: 7 Must-Do Steps

How Does Someone Steal Your Medical Identity?

Medical identity theft occurs when scammers use your health insurance information to illegally request prescription drugs, medical procedures, or submit fraudulent insurance claims.

Identity thieves can steal your information by using any of these methods:

• Data breaches. Fraudsters comb the Dark Web and other online forums for personal health information (PHI). And they often find it. In May 2024, an attack on Change Healthcare — a subsidiary of UnitedHealth — leaked the sensitive health information belonging to a third of Americans [*].
• Phishing attacks. Thieves spoof medical provider phone numbers or websites, pretending to create new patient profiles. Or they call, text, or email you posing as a medical professional who needs your health insurance card number or other personally identifiable information (PII).
• Stealing. Family members, friends, caregivers, and other medical staff may have easy access to your insurance numbers or medical information. Seniors with chronic health conditions are at a particularly high risk for medical identity theft; it’s easier to tuck in false claims when many are submitted at the same time.

How To Prevent Medical Identity Theft

1. Keep your health insurance information safe

A certificate of coverage, policy documents, or an explanation of benefits (EOB) stolen from your mail could open the door to medical identity theft. Physical insurance cards can also include your policy number, group number (if applicable), and copay.

The best way to keep this data safe is to either print temporary cards when you need them or switch to a digital card.

Most healthcare providers offer paperless insurance cards. Here’s how to make the switch if you’re an Anthem user, for example [*]:

• Log in to your Anthem account.
• Go to “Profile,” and then toggle on “Mobile ID cards.” 
• Download the Sydney^SM Health app.
• Open the app, and log in to your Anthem account.

At this point, you’ll be able to present your digital card at the doctor’s office — without having to carry a physical copy.

Anthem will likely also send you a physical insurance card for you to have on hand, just in case. If you lose it, you can request a new one by calling 800-676-BLUE (2583) or by requesting one through your online Anthem account.

A new card should arrive in 10 to 14 business days. In the meantime, access your health data through the Anthem Sydney app.

📚 Related: Stolen Social Security Card? Here’s What To Do →

2. Set up two-factor authentication for your online healthcare portal

Two-factor authentication (2FA) can keep hackers out of your account. Even if they guess your password, they’ll need a Face ID, fingerprint, or authenticator code to get in. Most insurance mobile apps have a 2FA option. For instance:

• UnitedHealthcare users are prompted to set up 2FA the first time they download the app. You can verify your identity via SMS text codes or phone calls [*]. 
• Blue Shield users have 2FA turned on by default. To log in to your myBlueCross account, verify your identity by using a code sent to your phone or email [*]. You have the option to leave 2FA enabled for every login attempt — even on registered devices.

{{show-cta}}

3. Compare your medical records and credit report

Warning signs of identity theft can show up on your medical bills, annual benefits summary, and EOB forms. If you don’t catch these mistakes, scammers could rack up medical debt without your knowledge. This has a domino effect on your credit score, as well.

• If you don’t recognize one of the medical services listed on your EOB or bill, contact your healthcare provider immediately.
• Any treatments having occurred in states or cities that you don’t visit regularly (or ever) are causes for concern. Even if a mistake isn’t due to medical identity theft, it can cost you money or benefits.
• Unscrupulous doctors or medical office scammers may also charge you multiple times for a single service. This is a form of Medicare fraud.

To prevent medical identity theft, also consider monitoring your credit:

• Request a free credit report through AnnualCreditReport.com. You can get a free copy of your credit report every week from each of the three main credit bureaus — Experian, Equifax, and TransUnion. Keep in mind that unpaid bills may only show up on your reports if they’ve remained unpaid for 12 months or more [*].
• Dispute fraudulent medical debt. Contact each bureau about the mistake. Submit a copy of your credit report with the issue circled or highlighted, copies of your medical records and driver’s license, and anything else that can prove the error. Generally, credit companies have 30 days to investigate and five days to notify you of the results after the fact.
• Sign up for a credit monitoring service. Aura monitors your credit report around the clock at all three bureaus. If anything suspicious is found, Aura sends you fraud alerts and provides 24/7 U.S.-based support to help deal with identity thieves.

The Consumer Financial Protection Bureau (CFPB) proposed a rule earlier this year that could dampen the immediate impact of medical identity theft. As a result, most medical bills could be removed from credit reports, and lenders would no longer be able to base their decisions on medical debt [*].

📚 Related: How To Dispute Debts in My Name (That Aren’t Mine) →

4. Ask questions before you share your SSN

In most cases, you should keep your Social Security Number private. But there are some entities in the healthcare system that legitimately need your SSN.

• The health insurance exchange is required by law to collect SSNs from all applicants who have an SSN. However, there are ways to enter your SSN without disclosing it to an agent or broker during enrollment [*].
• Your insurance provider is required to provide proof of health coverage to you and the Internal Revenue Service (IRS). If you decide not to provide your SSN, you may receive an inquiry from the IRS and may be liable for an individual shared responsibility payment [*].

📚 Related: How Does Social Security Identity Theft Happen? →

5. Identify trustworthy sources for healthcare coverage

Legitimate insurers don’t send you spam texts or messages on social media, but scammers do. Earlier this year, the Office of the Inspector General (OIG) issued a consumer alert about calls and texts purporting free Medicare services.

In reality, scammers were convincing victims to give up their Medicare numbers — which they then used to bill for unnecessary medical equipment [*]. You can avoid scams like these by looking for insurance coverage options on:

• Official government websites, which contain accurate information about providers. Make sure the website ends in “.gov” and displays government logos on its materials.
• Your state’s Marketplace, which has a list of certified enrollment partners.

To get free, unbiased insurance advice that is available 24/7 (in multiple languages), contact HealthCare.gov’s Call Center.

6. Maintain a personal medical journal

A medical journal can serve as additional evidence in an identity theft case. Keep careful records of when you went to the doctor, what you paid in copays, and any other related bills you paid over time.

You should also list emergency care information in your journal and take it with you to appointments. Even if your chart is modified by an identity thief, medical staff will know:

• Whom to contact (primary doctor; family or spouse contact).
• Your past health conditions or surgeries.
• Any allergies you might have.
• Medications you’ve been prescribed.
• Your blood type.

7. Report suspicious activity

If you suspect medical fraud or think you’ve accidentally compromised your information:

• Report it to the Federal Trade Commission (FTC). The FTC can’t resolve your problem, but an official identity theft report will help your case, and it comes with a personalized identity recovery plan. Go to IdentityTheft.gov. Tell them how your information was misused, and then add as many specific details about the incident as possible.
• File a report with the police. When you go to the station, show law enforcement your identity theft report, ID, and copies of your medical records. Ask for a copy of the police report to include in your communications with your insurance provider.
• Contact your doctor’s office and health insurance company. Ask that they remove fraudulent charges from your balance and update your records to reflect your true medical history. Send copies of your identity theft report, police report, and billing statements to support your claims.
• Notify the OIG. If you know of fraudulent Medicare or Medicaid claims, or need to report misconduct by the Department of Health and Human Services, call the OIG fraud hotline (1-800-HHS-TIPS) or report your issue online. Read their “Before You Submit” instructions to make sure you’re submitting a complaint that the OIG can investigate.

How Does Medical Identity Theft Affect You?

This type of identity theft can send tremors through all other areas of your life — from your physical health to your reputation and  finances.

For a respiratory therapist in Phoenix, medical identity theft led to garnished wages. Her employer, a hospital network, threatened to take money from her paycheck to cover the costs of emergency room visits made by a scammer [*].

In other cases, victims of medical identity theft are:

• Refused urgent medical treatment. Scammers max out their health plan benefits, leaving victims unable to access further medical care.

• Saddled with medical debt. Scammers rack up medical bills that can ruin their victim’s credit.
• Faced with life-threatening emergencies. Scammers contaminate medical records, and endanger victims’ lives with inaccurate medical information.

Don’t let any of these things happen to you — lock down your medical identity with Aura. Aura’s identity theft protection service alerts you whenever your credit card or online account numbers and SSN are at risk.

All plans come with Safe Browsing tools, a secure password manager, antivirus software, and always-on credit monitoring to keep your online identity and finances safe.

If the worst happens, Aura’s fraud remediation specialists can help you recover your identity and claim your identity theft insurance policy.

Protect your medical identity from scammers. Try Aura free for 14 days.