Medical Record Scams: A Growing Threat to Patient Privacy

The healthcare industry has embraced modern technologies to streamline processes and enhance patient care. With an increasing reliance on electronic health records and online platforms, a new and glaring issue has emerged in the shape of medical record scams.

These scams involve the unauthorized access, theft, or manipulation of patient medical records for financial fraud, identity theft, and other malicious purposes. They have become more sophisticated and prevalent in recent years, posing a significant threat to patient privacy and data security.

The Landscape of Medical Record Scams 

Although this may seem like a niche target for cybercriminals, medical record scams are relatively expansive. A quick look at the most common forms these scams take outlines the current landscape.

  • Medical Identity Theft: This involves the fraudulent use of someone’s personal information, including their medical history, for obtaining medical services, prescriptions, or insurance claims. Criminals can exploit stolen records to acquire expensive medical treatments, grift prescriptions, and even undergo surgeries under someone else’s name.
  • Fraudulent Medical Billing: Criminals manipulate medical records to create fake claims for services that were never provided, resulting in financial losses for patients and healthcare providers. The scam can also occur when a fraudster uses a patient’s identity to receive medical services, leaving the patient with the bill.
  • Ransomware Attacks: Cybercriminals often target healthcare institutions’ computer systems with ransomware, malicious software that encrypts files and demands a ransom payment for their release. Hospitals and clinics are left with the dilemma of paying the ransom to regain access to crucial patient data or risking patient care by not paying.
  • Phishing and Social Engineering: Scammers use deceptive emails, messages, or phone calls to trick healthcare professionals into sharing sensitive patient information or login credentials. Such attacks exploit human vulnerabilities, making even well-trained staff members susceptible to unintentional breaches.
  • Sale of Medical Records on the Dark Web: Stolen medical records are often sold on the dark web, providing fraudsters with a treasure trove of personal information that can be used for various illicit purposes, including identity theft and targeted phishing attacks.

Impact on Patients and Healthcare Providers

The repercussions of medical record scams are far-reaching, affecting patients and providers alike. Some of the significant impacts include the following:

  • Compromised Patient Safety: Incorrect or altered medical records can lead to misdiagnoses, incorrect treatments, and patient harm. Also, delayed access to medical records due to ransomware attacks can hinder critical emergency decision-making.
  • Erosion of Trust: Patients trust healthcare providers to safeguard sensitive medical information. Breaches of this trust can result in patients being hesitant to share accurate and detailed medical histories, which can hinder accurate diagnoses and treatment plans.
  • Financial Consequences: Both patients and healthcare institutions can suffer financial losses due to fraudulent claims, legal actions, and costs associated with rectifying breaches. Organizations may face regulatory fines and reputational damage as well.
  • Legal and Ethical Concerns: Medical record scams raise significant ethical and legal dilemmas. Healthcare providers are legally bound to protect patient privacy under regulations like the Health Insurance Portability and Accountability Act (HIPAA). Failure to do so can lead to legal actions and penalties.

Emerging Trends in Medical Scams

A few emerging trends and technologies allow criminals to perpetrate medical record scams successfully. As new tech evolves, so do the techniques cybercriminals employ to put their scams into action. Knowing how these work can help keep their signs and red flags on your radar.

  • Deepfake Voice Calls: Scammers use AI-generated deepfake voice technology to impersonate healthcare professionals or insurance agents on phone calls. This tactic can manipulate patients into sharing sensitive information such as financial details and Social Security numbers.
  • IoT Device Exploitation: The proliferation of Internet of Things (IoT) devices in healthcare settings has introduced new vulnerabilities. Cybercriminals can exploit weak security measures in connected medical devices to access patient records or infiltrate hospital networks.
  • Insider Threats: Not all medical record scams involve external actors. Employees with access to patient records can abuse their privileges for personal gain. Organizations must implement robust monitoring and access controls to prevent these insider threats.

Preventative Measures and Future Directions 

While securing patient data remains a critical responsibility for healthcare institutions, there are also a few preventive measures at the personal level to help better safeguard your health information and identity.

  • Education and Training: Regular training sessions can help healthcare staff recognize phishing attempts and other social engineering tactics. Patients should also be educated about potential scams and how to safeguard their personal information. As with any other scam, the more you know, the better equipped you’ll be to spot it.
  • Multi-Factor Authentication (MFA): Implementing MFA can add an extra layer of security to access patient records, reducing the risk of unauthorized access even if login credentials are compromised. Set up MFA with any apps or online portals you use with your medical providers.
  • Regular Software Updates and Patching: Healthcare institutions should ensure that their software systems are up to date with the latest security patches to protect against known vulnerabilities. Patients should update healthcare apps and connected devices for the same reasons.
  • Collaboration and Information Sharing: Healthcare organizations should collaborate to share information about emerging threats and effective countermeasures, fostering a collective defense against medical record scams.

