Stealing Your Health: How Medical Identity Theft Occurs and How To Avoid Becoming a Victim

Medical identity theft is more common and dangerous than you think, so diligent awareness is your best bet in safeguarding your medical profile.
We receive compensation from the products and services mentioned in this story, but the opinions are the author's own. Compensation may impact where offers appear. We have not included all available products or offers. Learn more about how we make money and our editorial policies.

Today, medical identity theft is on the rise. This unfortunate trend makes your personal information, especially your medical and insurance profile, a hot commodity in the criminal underworld. Fraudsters will steal your medical or health insurance information, assume your identity, and attempt to receive care, purchase equipment, get drug prescriptions, or file false medical insurance claims in your name.

Medical identity theft is particularly insidious because it's harder to detect and can often go unnoticed for years. Worse yet, federal laws limiting consumer liability don't protect victims, and they can be held responsible for the fraudulently accrued debt. Also, your health can suffer from altered medical records, and you can even face criminal prosecution if prescription drugs were purchased, stockpiled, and sold using your identity.

The odds of becoming a victim are increasing rapidly, with medical identity theft cases reported to the Federal Trade Commission (FTC) increasing from about 6,800 in 2017 to nearly 43,000 in 2021.[1]

Read on to learn how to prevent or, if necessary, recognize and quickly combat medical identity theft before it negatively impacts your life.

In this article
How does medical identification theft happen?
Why would thieves steal your medical identity?
Medical identity theft warning signs
What to do if you become a victim of medical identity theft
How to stay safe from medical identity theft
Medical identity theft FAQs
Bottom line

How does medical identification theft happen?

To commit medical identity fraud, criminals need access to your personally identifiable information (PII), including full name, date of birth, Social Security number, health insurance number, and Medicare number.

Medical identity theft happens when this information lands in criminal hands due to negligence or malicious activity. Once the scammers have your personal information, they can assume your medical identity and receive medical procedures, medication, or insurance benefits as if they were you.

Medical identity theft can originate from inside, outside, or friendly sources.

Insider fraud

Insider fraud occurs when someone inside the health care or insurance system violates professional trust and maliciously allows unauthorized parties access to confidential patient information — for a price.

Personally identifiable medical information currently draws a high price on the dark web black market, which can be tempting for unscrupulous health care providers or insurance professionals with access to patient records. This type of internal attack has the best chance of succeeding in the health care sector, with a success rate of 66%, according to Statista.

How prevalent is insider fraud? Here are some unsettling numbers to consider — according to a 2018 Accenture survey, 18% of health care employee respondents are willing to sell personal patient data to unauthorized parties, and 24% of the respondents said they know of someone in their organization who has sold their credentials or access to an unauthorized outsider.

Outsider attacks

Outsiders employ various methods and techniques to obtain personal medical information. It can be as simple as digging through trash to find carelessly discarded medical files, bills, or insurance cards.

Outside scammers also use phishing emails, calls, and texts to convince individuals to provide their PII. These attempts appear to come from legitimate sources, such as someone from your doctor’s office, and often offer deals or specials to lure unsuspecting customers. If activated, phishing emails can contain malware links providing unrestricted access to patient information.

Hackers also target health care or insurance organizations for large-scale network data breaches, which can allow unauthorized access to the personal records of all patients on file.

Friendly fraud

Despite the less ominous name, medical identity theft resulting from "friendly" fraud can be just as dangerous as threats from inside or outside sources. Friendly fraud occurs when someone the patient knows, either a family member or friend, uses their trusted status with the patient to access their medical identification and benefits.

Medical identity theft resulting from friendly fraud is common. Many patients feel comfortable trusting relatives or friends with their personal medical identification information. A Ponemon survey indicates that half of medical identity theft victims say a family member or someone they knew used their medical identification information.

Medical providers and patients aren't the only ones feeling the sting of medical identity theft today. Medicare and Medicaid providers can become victims when identity thieves use stolen patient information to make fraudulent claims for medical equipment or services that were never prescribed or ordered for the patient.

Why would thieves steal your medical identity?

Stealing your medical identity can open up a significant number of illicit options for enterprising criminals, which include:

  • Selling your stolen information on the dark web
  • Obtaining medical care, equipment, prescriptions, and other benefits in your name
  • Submitting fraudulent medical bills to insurance providers
  • Falsifying medical insurance claims
  • Fraudulently applying for Medicare or Medicaid benefits
  • Stockpiling prescription drugs for resale
  • Altering your medical records

Medical identity theft warning signs

Don't be the unfortunate person who gets blindsided by medical identity theft and all the problems that can follow if someone commits fraud using your personal information.

There are some critical warning signs that your medical identity has been stolen and is involved in fraudulent activity. Be sure to keep an eye out for the following red flags indicating you may be a victim of medical identity theft:

  • Incorrect information appearing in your medical records
  • Unexpected medical bills, equipment, or explanation of benefits (EOB) statements you never incurred or requested
  • Your insurance claim is refused due to reaching your benefit limit or experiencing a denial of insurance coverage for an unknown condition
  • Damaged credit scores
  • Calls from debt collectors on charges you never incurred

What to do if you become a victim of medical identity theft

If you think you may be a victim of medical identity theft, you must act fast to mitigate the potential consequences and damage. It's better to err on the side of caution and quickly take mitigative action, which should include:

  • Filing a police report with local law enforcement and a complaint with the FTC at
  • Filing a notice with the U.S. Department of Health and Human Services Office of Inspector General if your medical identity theft could involve Medicare
  • Checking your credit report and notifying the credit bureaus to add a fraud alert
  • Setting up a credit freeze if necessary
  • Contacting your health insurance company to make sure there wasn't an error on their end
  • Requesting a copy of your medical records from the provider where the fraud may have occurred

How to stay safe from medical identity theft

Below are some recommended actions to help prevent you from becoming a medical identity theft victim. Remember to:

  • Organize and keep all personally identifiable, medical, and insurance information private and secure.
  • Be mindful and alert to avoid potential phishing or smishing scam attempts.
  • Continuously monitor your credit report by ordering free monthly Equifax credit reports, and be prepared to dispute unknown debts on your credit report.
  • Periodically check your medical records and health plan to ensure it correctly reflects your care history.
  • Stay current on publicized health care or insurance cyber breaches that may put your PII at risk.
  • Avoid offers for free medical services or products that request your PII.
  • Properly destroy all old medical bills, health insurance cards, and documents containing your sensitive health care or insurance information.
  • Consider purchasing identity theft protection and using a password manager service.

Medical identity theft FAQs


What is medical identity theft?

Medical identity theft is the act of stealing PII, such as name, date of birth, Social Security number, and health insurance or Medicare numbers, to assume another's identity and fraudulently attempt to obtain medical care, equipment, prescriptions, or insurance benefits in their name. Medical identity theft is especially dangerous because it can easily go undetected and may result in undeserved debt liability and the possibility of criminal prosecution for the victim.


How can medical identity theft occur?

Medical identity theft can result from inside, outside, or friendly origins.

Insider-driven medical identity theft occurs when malicious health care or insurance system insiders sell access to sensitive patient information.

Outside attacks come from phishing scams to trick patients or providers into releasing sensitive personal medical information or from large-scale cyber breaches of health care or health insurance providers.

Medical identity theft can also originate from "friendly" sources. This happens when friends or family members obtain and use a patient's medical profile with or without their consent.


What can someone do with your medical record number?

When a fraudster gets ahold of your medical record number, they can effectively assume your medical identity and visit a medical provider, get a prescription from a pharmacy, order medical equipment, file fraudulent claims for insurance benefits, and enjoy full access to your medical record history.

Bottom line

Stealing your medical identity can be significantly rewarding for criminals while being extremely inconvenient and potentially costly for you. When someone steals your medical identity, you can't expect much help regarding consumer liability debt protection — you could get hit with a massive medical debt, damaged credit, and possible criminal charges.

With such high stakes and medical identity theft on the rise, everyone must look for unrecognized debt, incorrect medical records, or notifications of used-up insurance benefits.

Prevention always trumps restoration, so focus on securing personal information while being mindful of phishing scams and avoiding offers for free medical services or products. Those who remain vigilant in monitoring their credit scores and medical reports while having an action plan to combat fraud stand the best chance of safeguarding their medical identity from this type of identity theft.

Editorial Rating
Learn More
On Aura Identity Theft's website
Identity Protection
Aura Identity Theft
Up to 68% off Family Annual Plans
  • Excellent identity theft protection service
  • Includes a password manager and VPN
  • Robust tools for children’s security

Author Details
Mark Knowles is a freelance tech content writer specializing in cybersecurity. His expertise includes DevSecOps, cyber risk management, and Zero Trust model security. Mark has completed numerous case studies, blog articles, and e-books for leading technology companies over the last eight years, with a focus on the cybersecurity vertical over the last five years. When not interviewing experts in the field or creating fresh cybersecurity content for organizations, Mark enjoys pushing the limits of fitness and personal growth while planning his next traveling adventure.


1. Medical Identity Theft