How cancer patients can avoid identity theft

Sophisticated cyberattacks are more common than ever as thieves find new ways to steal people’s information and identity. Patients with cancer are sometimes among the most vulnerable targets.

Scammers may robocall, text or email patients to steal information, using your health as an angle to trick you by including bogus links in emails or texts. Impersonating a company is a popular way to commit medical treatment scams, identity theft and health insurance rip-offs. It’s easy to take the bait if they’re pretending to be a hospital like MD Anderson or a health care organization that you trust.

“Emails or phone calls can be spoofed to confuse the recipient into divulging information about themselves, their finances or their health. So, it is important to verify the source of requests for your personal, financial, or health information, and learn how to identify fraud attempts,” says Joanne Ashland, a senior information security analyst at MD Anderson.

Protect your data

Use these tips to protect your data, whether it’s stored on your personal computer, phone or company laptop.

• Never give out your financial or medical information over the phone to telemarketers or strangers. Scammers can cause insurance or billing fraud, disclose sensitive health conditions for extortion, or sell your information to other scammers.
• Don’t trust an “urgent request.” Scammers will pressure you to act fast and give them your information to resolve a supposed “issue” with your account.
• Closely review the sender’s address in emails you receive, and don’t click on any links that look suspicious. A deceptive email may appear to be from a real company or person but could include a link or attachment that leads hackers directly to your private information once you click it.

Don’t engage if you’re unsure if a text message, email or phone call you’ve received from a business is legitimate. Call the company to ask about the interaction.

“MD Anderson uses standard demographic information to verify a patient’s identity,” says Demetra Curtner, director of Patient Business Services. “When a patient reaches out, we’ll ask them to provide their address and date of birth to verify their identity.” Sometimes, MD Anderson will ask for financial information to process claims. Typical information we request includes:

• demographic information
• copies of insurance cards
• a copy of your ID card, which is the industry standard

“It’s important to be careful who you provide your information to, especially over the phone, to ensure you keep your information safe and secure,” Curtner says.

Before confirming any information over the phone, patients can ask the caller to verify additional information regarding their account, like the last four digits of a credit card number they may have on file or their medical account number.

Protect your password

It’s important to create passwords that are hard for others to figure out but easy for you to remember. Then, make sure you take steps to protect your password.

“Don’t use the same password for all logins, and use two-factor authentication, which provides an extra layer of security by sending you a code via text or email before you can log into a site,” including MyChart, says Martin Kagan, a member of MD Anderson’s Patient and Family Advisor Program.

His advice is based on years of career experience as an IT professional. As a cancer patient himself, Kagan also follows this guidance to protect his own personal health information.

In addition to setting up two-factor authentication, Kagan advises patients to log into websites directly instead of clicking on URLs in text messages or emails.

Change your behavior and watch for suspicious activity

“If your identity is stolen, cancel credit cards immediately and let your financial institutions know about it,” Kagan says. “Patients should take the technical steps needed to protect themselves, but behavior changes are equally important.”

• Review your MyChart account regularly for mistakes or unexpected statements in your medical record. Also question unusual medical bills. 
• Detailed appointment reminders and MyChart notifications are sent to the phone number and email address you provide to MD Anderson. Using MyChart is a secure way to share information with your care team. 
• Never post your medical record number on social media. Also avoid posting that you are away from home, are ill or use certain financial or medical services. This information can be used by scammers to target you. Social media sites may also divulge your age, birthdate and even phone number. 

Trust your gut

Trust your instincts and keep these tips top of mind when filling out forms and sharing personal information online. If you’re an MD Anderson patient and suspect that you’re a victim of medical identity theft, contact our Patient Advocacy team at 713-792-7776. Report any phone calls, texts, emails and mail that seem suspicious to the Federal Trade Commission.