COVID-19 is Making Medical Identities Sick

Fraud Protection Advice for the Pandemic and Beyond

In an average year, medical identity theft is known to be a big problem. According to the Identity Theft Resource Center, in 2019, over a third (35.6 percent) of data breaches were of healthcare information. Stolen medical identities sell on the Dark Web for $60 to $70 on average, as opposed to as little as $4 for a Social Security number. But, as we all know, 2020 is no average year. The COVID-19 pandemic has made it much easier for scammers to steal medical and healthcare information from anxious consumers. And when the dust settles, we may find that the virus has created a booming market for the sale of stolen medical identities. Let’s take a look at the issues, current scams, and steps you can take to protect yourself.

Thieves misuse personal health information (PHI) for numerous kinds of fraud: selling stolen insurance information to people who don’t have coverage, committing Medicare fraud by billing for services that were never rendered, even impersonating doctors to commit payment fraud or forge prescriptions. And when your medical identity is used by someone else, you can be charged for these medical bills, have insurance coverage denied on your legitimate medical bills if fraudulent claims exceed your policy’s limit, or you could even receive a life-threatening misdiagnosis or treatment if someone else’s medical information gets into your medical record.

There are thousands of COVID-related scams right now—many attempting to steal medical information—so beware! Here are some of the current cons that have been reported by the FTC, FBI, and other authorities:

• Impersonating health authorities:Fake websites are replicating real organizations such as the World Health Organization (WHO) and the Department of Health and Human Services (HHS). The fraudulent sites ask consumers to enter personal information in order to receive updates and safety information about the coronavirus. Sometimes the “updates” are downloads that include malware or emails that direct people to other fake websites.
• Counterfeit medicines or equipment: Scammers are offering fake coronavirus testing and coronavirus vaccine kits being sold through websites that claim to represent the World Health Organization (WHO), the FDA, or other legitimate agencies. The sites offer the kits for free, but consumers have to enter credit cards and other information to pay for shipping. HHS reports that some sites are offering test kits to Medicare beneficiaries in return for their Medicare information and other personal details.
• Fake healthcare services: A New York Times article described a phony COVID testing station in a mall parking lot in Kentucky. Victims paid $240 and gave credit card numbers, SSNs, and other personal information to have their mouths swabbed. When local journalists showed up and started asking questions, the operators packed their tents and drove away with the ill-gotten personal information, ripe to commit identity theft.
• Phishing Scams: BlueShield reports that fraudulent robocalls and telemarketers are offering free items and services, such as cleaning supplies and COVID-19 test kits, in exchange for people’s insurance information.

Variations of these schemes are popping up all over. And by the time you read this, scammers will no doubt have come up with a dozen new ways to exploit the pandemic, so it’s important not to let corona and COVID outweigh caution and common sense. Personal fraud protection is as important as good hygiene!

Here’s a summary of the U.S. Department of Justice recommendations to protect yourself:

• Never respond to unsolicited emails offering information, supplies, or treatment for COVID-19 or requesting your personal information for medical purposes. If you need testing or treatment, contact your regular healthcare providers.
• Independently verify the identity of any company, charity, or individual that contacts you regarding COVID-19. Scammers often choose website names and email addresses close to those of real organizations, so read carefully.
• Never click on links or open email attachments from unknown sources.
• Make sure your security software is up to date and promptly install security patches for your operating system and apps.
• Remember that there is currently no approved vaccine, cure, or treatment for COVID-19. When there is, you will hear about it through national news sources and your healthcare providers.

The DOJ also recommends that you avoid any supposed business or charity that asks for payments or donations in cash, by wire transfer, gift card, or through the mail, and any company or person offering unsolicited “investment opportunities” tied to COVID-19. Again, any company that is really closing in on a vaccine or cure is going to be all over the mainstream news.

The final, critical defense against medical identity theft is to carefully review every Statement of Benefits from your healthcare providers. Even if you diligently protect your medical privacy, criminals are targeting overloaded healthcare organizations for cyberattacks or theft of patient records. And medical identity theft is difficult to recover from, so having an identity protection plan such as MyIDCare is about the best protection you can have for your medical privacy. That way, if you run into problems, an expert team of recovery specialists will be on call to restore your medical identity to full health. Couldn’t we all use one guaranteed good prognosis right now?