A matter of life and death:

Protect your family’s medical data from hackers

Cyber-Seniors Cybersecurity Playlist

In 2022, over 21 million people’s data was exposed in just 11 large healthcare data breaches. Criminals hiding behind screens make a living from stealing – and selling – our personal identifiable information (PII) like names, birthdays, phone numbers, social security and insurance numbers. 

Protected health information (PHI) is worth more than 200x the value of stolen credit card information and 1000x the value of a stolen Social Security number (SSN) on the Dark Web. Given the high value and digitized nature of health data storage, medical identity theft is on the rise. It can involve the following: 

  • A hacker steals records from a hospital, doctors’ office, insurance provider or other medical office
  • Someone submits fraudulent medical insurance claims to claim cash
  • A scammer steals health insurance information to get illegitimate access to medical services, equipment, prescription drugs or financial benefits
  • A caller claims to be a Medicare representative to “verify” a Medicare number, but actually steal it or coerce victims into sharing credit card numbers to pay a fee for a new card or special treatment. 

The cost of medical identity theft can be astronomical, with almost two thirds of victims reporting losses greater than $13,500. But the risk isn’t only financial. In some cases, the legitimate policy holder may receive a misdiagnosis or incorrect treatment plan, as a result of a fraudulent and incorrect medical history being created by a criminal. In the most serious cases, unexpected bills, incorrect diagnosis and loss of benefits could cost victims their lives. 

Just last year, a U.S. Centers for Medicare and Medicaid Services subcontractor  experienced a data breach involving 254,000 Medicare beneficiaries’ PII. Those potentially impacted were notified and received updated Medicare cards and Beneficiary Identifiers. 

Canada’s largest provider of medical diagnostics and testing services, LifeLabs, was also recently breached. Hackers stole 15 million patients’ names, addresses, email, passwords, date of birth, health card numbers and even test results.

In many cases, it can take years for victims of medical identity theft to realize they’ve been targeted, only realizing when visiting the doctor’s office or the hospital. By then, benefit limits may have been reached, with thousands of dollars in fraudulent claims filed. 


Warning signs that you might be a target of medical identity theft: 

  • Unexpected bills from medical providers for services that you’ve never received
  • Unexpected medical kits sent to your home
  • Calls from debt collectors for medical debts that you don’t recognize
  • Surprising notification that you reached your benefits limit 
  • Mistakes or unexpected entries in your medical record, such as an incorrect address or date of birth
  • Fraudulent entries in your medical records, like blood tests you didn’t do or medications you weren’t prescribed.
  • Receiving a change of address confirmation from your insurance provider, even though you haven’t moved 
  • Insurance claims being denied because your medical records show you have a condition. This is one of the worst consequences of medical identity theft, and could cost victims their lives.

While all of this can feel overwhelming, the best way to tackle medical identity theft is to be proactive about securing your sensitive information. 

Here are three steps for you and your family to prevent identity theft:

  1. Safeguard your health insurance card and Medicare cards. Treat these cards and all personal health information as you would a credit card or SSN or SIN. If you lose these cards, contact your health insurance provider immediately.
  2. Protect your mail and online credentials. Never share your patient portal credentials with anyone else. You can opt for paperless bills to reduce the chance of mail fraud (like a change-of-address scam) leading to the exposure of your personal information. Another option is to get a locked mailbox to provide extra security for your sensitive information. 
  3. Review the Explanations of Benefits (EOB) and all bills and notices. It’s easy to set bills aside without a second thought. Make a habit of reviewing everything related to your medical care.

Pro tip: Sign up for a family identity theft monitoring plan. Aura can monitor and alert you if someone is trying to scam you online or your family’s sensitive information is being used for suspicious activity. If you are interested in learning more about identity monitoring and protection, visit: aura.com/janblog

For more information about  Medicare scams and medical identity theft, visit: https://www.aura.com/learn/what-can-someone-do-with-my-medicare-number

Subscribe to Our Newsletter