Medical care is more expensive than ever, and most consumers are painfully aware that even minor medical situations can result in massive bills. The catch is that criminals get sick too, and they’re increasingly relying on a classic tactic to avoid having to pay for treatment: identity theft.
Medical identity theft specifically targets medical information—especially insurance information—instead of financial data. “Health care data is now much more valuable on the dark web than something like a credit card number,” says Adam Kennedy, senior product manager at credit agency Experian, “so it’s become a primary target for hackers.”
Attackers have increasingly set their sights on medical data in response. Critical Insight, a cybersecurity company based in Washington, recently reported that healthcare data breaches rose by 32 percent from 2020 to 2021, with nearly 50 million individual records impacted. A typical “mega-breach” of a large insurer or hospital can net hackers millions of records in a single attack.
How does medical ID theft work?
While medical identity theft attack patterns vary, the most common is when a criminal uses a victim’s insurance information in order to receive treatment or fill a prescription. This can be as simple as picking up a bottle of painkillers or as complex as undergoing major surgery. Because of the glacial pace of insurance processing and the complexity of medical bills—who has ever truly read the entirety of an insurance statement?—it can be months before the victim finds out about the fraud.
The damage can be catastrophic, and it can wreak havoc on a victim’s life in many ways, says Kennedy. “If your health information is compromised and muddied with someone else’s diagnoses and treatments, it can result in you having your own conditions misdiagnosed or legitimate insurance claims denied,” he says. Of course, it can also have severe financial repercussions, too. “These bills can be turned into collections and can make your insurance premiums rise,” he adds. There can even be criminal consequences stemming from medical ID theft due to stringent laws around prescription drug abuse.
“Cleaning all of this up takes much more time and stress than it does for your everyday identity theft,” says Kennedy.