What to Do If Your Health Insurance Information Is Stolen

Digital Learning Guide Team

Published May 14, 2026 · Last updated May 18, 2026 · 5 min read · Digital Safety

Written by Digital Learning Guide Team · Reviewed by Darsheel Tiwari, Editor-in-Chief, TheDigitalLife · Editorial standards

This guide explains medical identity theft or exposure of health insurance, Medicare, Medicaid, or medical billing information in a practical, USA-focused way. It is written for someone who needs clear next steps, realistic recovery options, official reporting paths, and a way to organize proof. The goal is not to scare you or promise an impossible fix. The goal is to help you act in the right order, avoid common mistakes, preserve evidence, and contact the correct organization quickly.

Digital safety problems often become worse when people keep talking to the scammer, delete proof, wait too long to call the bank, or trust a second scammer who claims to recover lost money. Use this article as a step-by-step checklist and verify any account-specific details directly with the relevant bank, company, agency, or platform.

Quick Answer

If you are dealing with medical identity theft or exposure of health insurance, Medicare, Medicaid, or medical billing information, act quickly but carefully. Stop communicating with any suspicious person or website, save screenshots and transaction details, secure the affected accounts, and contact the organization that can actually investigate the issue.

For this topic, the most important early actions are: contact your health insurer or Medicare plan immediately, review explanation of benefits statements for services you did not receive, and ask providers and insurers how to correct inaccurate records. If money was taken or moved, contact the financial company immediately. If personal information was misused, use IdentityTheft.gov and consider credit freezes or fraud alerts. If the incident involved online crime, account takeover, a wire transfer, or cyber-enabled fraud, consider filing an FBI IC3 complaint as well.

The biggest risk is fraudulent medical claims, incorrect medical records, denied benefits, billing collections, prescription fraud, and misuse of Medicare or insurance numbers. Do not assume the problem is solved just because one password was changed or one transaction was reported. Many scams are multi-step: the criminal may use one stolen detail to reset another account, open a new account, convince you to share a verification code, or contact you again as a fake recovery agent. A good response includes securing accounts, reporting the event, watching for related misuse, and keeping records until every dispute or claim is closed.

Emergency Action Box

  • Stop replying to the suspected scammer or unknown caller immediately.
  • Do not click more links, download files, install apps, or share one-time codes.
  • Save screenshots, transaction IDs, phone numbers, website URLs, emails, texts, and account alerts before deleting anything.
  • Change passwords from a trusted device, especially for email, banking, payment apps, and phone carrier accounts.
  • Contact your bank, card issuer, payment app, insurer, mobile carrier, or platform if money, access, or identity information was involved.
  • Use IdentityTheft.gov when personal information was used or exposed, and consider FTC ReportFraud or FBI IC3 for scam or internet crime reporting.
  • Call 911 or local law enforcement if there is immediate danger, threats, stalking, extortion, or physical safety risk.

Quick Navigation

  • Confirm what happened and what information or money is at risk.
  • Secure the most important account first: email, bank, card, phone, or identity records.
  • Collect proof before websites, messages, or account screens disappear.
  • Contact the official organization using a verified phone number or website.
  • File reports with the appropriate official agency when scam, fraud, or identity theft is involved.
  • Monitor accounts and credit reports for follow-up damage.

Quick Summary

SituationRecommended action
Main problemMedical identity theft or exposure of health insurance, Medicare, Medicaid, or medical billing information
Biggest riskFraudulent medical claims, incorrect medical records, denied benefits, billing collections, prescription fraud, and misuse of Medicare or insurance numbers
Do firstContact your health insurer or Medicare plan immediately
Proof to saveScreenshots, dates, amounts, URLs, sender details, account alerts, confirmation numbers, and letters
Who to contactHealth insurance fraud department, Medicare if Medicare information was involved, HHS Office of Inspector General for Medicare fraud
Escalation pathFTC ReportFraud, IdentityTheft.gov, FBI IC3, CFPB, state attorney general, bank regulator, or local police depending on the incident
What not to doDo not send more money, share verification codes, call random support numbers, or pay recovery scammers

What This Scam or Problem Means

In plain terms, this situation means that someone may have gained access to information, money, documents, account credentials, or identity data that can be used against you. In the case of medical identity theft or exposure of health insurance, Medicare, Medicaid, or medical billing information, the damage may show up immediately or weeks later.

A fake transaction may appear first, like an explanation of benefits (EOB) statement for doctor visits or prescriptions you never had. Then a new account may appear on your insurance portal. Then a debt collector, tax notice, bank alert, or account recovery email may follow. That is why the response should not be limited to a single phone call. It should be a documented recovery process that checks medical bills, credit reports, and related financial accounts.

Many digital safety incidents start with social engineering, not advanced hacking. Scammers impersonate banks, government agencies, delivery companies, relatives, employers, payment apps, or customer support. They pressure people to act quickly, hide the situation from others, or verify identity by giving information that a real company would not ask for in that way.

The safest response is to slow down, move to official channels, and treat every request for a password, PIN, one-time code, remote access, gift card, crypto transfer, or wire transfer as suspicious until verified. For health insurance theft, thieves often use stolen member IDs, policy numbers, or dates of birth to file fake claims at pharmacies, clinics, or hospitals across the US.

Warning Signs

  • You are told to act immediately or your account will be closed, arrested, charged, or permanently locked.
  • The person asks for a password, PIN, full Social Security number, one-time passcode, recovery code, or remote access.
  • You are asked to move money to protect it, pay a fee to unlock funds, buy gift cards, send crypto, or use Zelle, Venmo, Cash App, or wire transfer.
  • The website link looks similar to a real company but has extra words, misspellings, unusual endings, or a shortened URL.
  • A caller says not to call the official phone number on your card, statement, or app.
  • A message arrives unexpectedly with an attachment, QR code, delivery problem, tax warning, refund promise, or account security alert.
  • The person claims to be from a bank, law enforcement, the IRS, the FTC, the FBI, or a tech company but pressures you for secrecy.

These signs often appear in phishing emails pretending to be from your insurer or Medicare, or in data breach notifications from healthcare portals. Pause and verify through your official member portal or app before responding.

What to Do First

The first step is to separate real risk from panic. Ask three questions: Did you share information? Did money move? Was an account accessed? If the answer to any of these is yes, treat the incident as urgent.

If you only saw a suspicious message but did not click or respond, the response may be lighter, but you should still block and report it. If you clicked, entered information, sent money, downloaded an app, deposited a check, or gave remote access, take immediate protective action.

  • Contact your health insurer or Medicare plan immediately. Use the number on your insurance card, member ID card, or official website. Ask for the fraud department and report any unauthorized use of your member ID or policy details.
  • Review explanation of benefits statements for services you did not receive. Log into your insurer's portal or check mailed EOBs for unfamiliar claims, like visits to out-of-state doctors or prescriptions you never filled.
  • Ask providers and insurers how to correct inaccurate records. Request an audit of your medical history and instructions for disputing false entries that could affect future care or coverage.
  • Report Medicare fraud or medical identity theft to the proper hotline if needed. For Medicare, use the official reporting line found on Medicare.gov.
  • Check credit reports if bills or collections appear. Look for medical debt from fake services.

When you contact an official company, use the number on the back of your card, the official app, a statement, or the verified website typed manually into the browser. Do not use a phone number from a suspicious text, online ad, social media comment, or pop-up.

If the issue involves a bank or credit card account linked to medical billing, ask for the fraud or disputes department, not general customer service only. If identity theft is involved, document every call and save every confirmation number. Expect to provide your member ID, policy number, and details of the suspicious activity.

Step-by-Step Recovery Plan

  1. Write down exactly what happened: date, time, website, phone number, email address, amount, account involved, and what information was shared. Note how you discovered the theft, such as an unexpected EOB or bill from a collection agency.
  1. Secure the account or document most closely connected to medical identity theft or exposure of health insurance, Medicare, Medicaid, or medical billing information. If the issue involves your email, secure email first because email often controls password resets for other accounts, including insurer portals.
  1. Change passwords from a trusted device. Use unique passwords at least 12 characters long with letters, numbers, and symbols. Turn on two-factor authentication (2FA). Prefer an authenticator app like Google Authenticator or Authy, or a hardware key for sensitive accounts like your insurer's portal.
  1. Contact the official organization that owns the account, card, phone number, identity record, or transaction. For health insurers like Blue Cross Blue Shield or UnitedHealthcare, use their verified fraud hotline. Ask for a case number and written confirmation of their investigation steps.
  1. Save proof in a folder: screenshots, statements, chat logs, payment confirmations, recovery emails, police reports, FTC or IC3 reports, and letters. Organize by date and include notes on each contact.
  1. If personal data was used or exposed, create or update an IdentityTheft.gov recovery plan and consider freezing credit at Equifax, Experian, and TransUnion. Medical ID theft can lead to fake debts showing on credit reports.
  1. If money was sent, ask the payment company immediately whether a cancellation, reversal, recall, dispute, or fraud claim is possible. Recovery is not guaranteed, but fast reporting can matter, especially for linked bank payments.
  1. Monitor related accounts for at least several months. Watch for new login alerts, statement changes, account openings, rejected tax filings, collection notices, or unfamiliar mail. Set up free credit report alerts from AnnualCreditReport.com.

Proof Checklist

  • Screenshots of messages, emails, pop-ups, websites, account alerts, or app screens.
  • Sender phone number, email address, username, profile link, or website URL.
  • Transaction ID, confirmation number, wire reference, check image, claim number, or case number.
  • Bank, card, payment app, phone carrier, DMV, insurer, IRS, or credit bureau letters.
  • Dates and times of calls, texts, logins, account changes, and transactions.
  • Names of representatives you spoke with and what they told you.
  • A copy of your FTC Identity Theft Report or police report if applicable.
  • Proof that you disputed the issue, such as certified mail receipts, secure messages, or portal confirmations.

Print or save digital copies in a secure folder on your computer or cloud storage like Google Drive with 2FA enabled. This proof helps if disputes go to collections or affect your insurance premiums.

Who to Contact

The correct first contact depends on the damage. For this topic, the most relevant contacts are: health insurance fraud department, Medicare if Medicare information was involved, HHS Office of Inspector General for Medicare fraud, IdentityTheft.gov, medical provider billing departments.

Always start with the organization that can stop the immediate harm, like halting fake claims. If a debit card, ACH transaction, or bank login is involved, call the bank first. If a credit card is involved, call the card issuer. If your phone number is involved, call your mobile carrier like Verizon or AT&T. If identity theft is involved, use IdentityTheft.gov. If an online crime caused financial loss, IC3 is often appropriate. If there is immediate danger, contact local emergency services.

When speaking with support, be direct. Say that you are reporting fraud, identity theft, unauthorized access, or unauthorized transactions. Ask what department handles that exact problem. Ask whether the account should be locked, closed, reissued, frozen, or flagged. Ask whether you need to submit a written statement. Ask how long the investigation normally takes and how you will receive updates. For Medicare, contact 1-800-MEDICARE (verified on Medicare.gov) for plan-specific fraud reporting.

Official Reporting Links

  • IdentityTheft.gov - use when your identity was used or personal information was misused.
  • FTC ReportFraud.gov - use to report scams, fraud, fake companies, and deceptive contacts.
  • FBI IC3 - use for internet-enabled crime, account takeover, wire fraud, cyber fraud, or large online losses.
  • CFPB complaint portal - use when a bank, credit card issuer, credit bureau, debt collector, or financial company does not handle your issue properly. Submit at consumerfinance.gov/complaint.
  • State attorney general or consumer protection office - use for state-level consumer fraud complaints. Find yours at naag.org.
  • Local police - use for theft, threats, stolen documents, a known suspect, or when a company asks for a police report.

File reports online where possible to get instant confirmation numbers. These create an official record that strengthens disputes with insurers or collectors.

Money Recovery Options

Money recovery depends on the payment method, timing, whether the transaction was unauthorized, and the rules of the financial product. Debit card, ATM, ACH, and many electronic transfers may involve Regulation E procedures, which require banks to investigate within 10 business days and possibly issue provisional credit.

Credit card billing disputes and unauthorized charges may involve different rules under the Fair Credit Billing Act, giving you 60 days to dispute. Wires, crypto, gift cards, and person-to-person transfers are often harder to reverse, especially if the user authorized the payment after being deceived.

Even when recovery is difficult, you should still report quickly because the bank or platform may be able to freeze funds, recall a transfer, investigate a receiving account, or document the fraud for future protection. When calling a bank or payment company, ask specific questions: Can this transaction be cancelled? Can a fraud claim be opened? Can a provisional credit apply? Can the receiving bank or account be contacted? Is a written statement required? What is the deadline? What confirmation number should I keep?

If the first representative gives a vague answer, politely ask for the fraud, disputes, wire, ACH, or executive complaint team depending on the transaction type. Never pay a private recovery service that guarantees a refund for an upfront fee. For medical billing fraud leading to out-of-pocket costs, dispute those separately with your insurer.

Account and Device Security Checklist

  • Change passwords for email, banking, payment apps, phone carrier, and any affected platform. Use a password manager like LastPass or Bitwarden for unique ones.
  • Turn on two-factor authentication and save backup codes securely in a physical safe.
  • Sign out of unknown sessions and remove unfamiliar devices or trusted browsers from your insurer's portal.
  • Check email forwarding rules, recovery email, recovery phone number, and connected apps in Gmail or Outlook.
  • Update your phone, browser, and computer operating system to the latest versions.
  • Remove suspicious apps, browser extensions, remote access tools, and configuration profiles.
  • Lock or replace compromised cards and change account PINs where needed.
  • Review recent logins and account changes for signs of wider compromise, especially linked health apps like MyChart.

Secure your primary email first, as it gates access to password resets for health portals, banks, and credit monitoring.

Credit and Identity Protection Steps

If your Social Security number, driver license number, medical insurance number, bank login, phone number, or date of birth was exposed, take identity protection seriously. A scammer may not use the information immediately. They may wait weeks or months, combine it with other leaked data from breaches like the Change Healthcare incident, or sell it to someone else.

This is why credit monitoring alone is not always enough. Consider placing credit freezes with all three nationwide credit reporting companies when new-account fraud is possible. A freeze helps prevent many new credit accounts from being opened until you lift the freeze. Contact Equifax (equifax.com), Experian (experian.com), and TransUnion (transunion.com) separately to set them up for free.

Fraud alerts are different from freezes. A fraud alert tells creditors to take extra steps to verify your identity. According to official consumer guidance, initial fraud alerts last at least one year, and extended fraud alerts can last seven years when you provide an identity theft report. A freeze gives stronger control over access to your credit file, while a fraud alert is easier to place because contacting one nationwide credit reporting company should notify the others. Many people use both after confirmed identity theft.

For medical ID theft, also request your medical records from providers to spot and correct false entries. This prevents issues like denied coverage for pre-existing conditions based on fake history.

What Not to Do

  • Do not delete messages, emails, call logs, or transaction records before saving proof.
  • Do not keep communicating with the scammer to gather more information if it exposes you to more manipulation.
  • Do not share one-time codes, PINs, passwords, recovery keys, or full account numbers with anyone who contacted you unexpectedly.
  • Do not rely on a phone number from a text, sponsored search result, forum comment, or pop-up.
  • Do not pay a recovery company that guarantees results or asks for crypto, gift cards, or wire payment.
  • Do not ignore mailed notices, collection letters, tax notices, insurance statements, or credit report changes.
  • Do not assume one report fixes everything. You may still need to contact banks, credit bureaus, platforms, insurers, and government agencies separately.

Ignoring EOBs or bills can lead to collections damaging your credit, even if the services were fake.

Recovery Scam Red Flags

After a scam or identity theft incident, victims are often targeted again. A recovery scammer may claim to be a lawyer, bank investigator, government agent, hacker, crypto recovery expert, or refund specialist. They may say they already found your stolen money and only need a processing fee. They may use official-looking documents or fake case numbers.

Real government agencies do not ask you to pay with gift cards, crypto, or wire transfers to unlock a refund. Real banks do not need your password or one-time code to investigate a claim.

  • Guaranteed refund or guaranteed account recovery.
  • Upfront fee before any real service or official process.
  • Request for crypto wallet seed phrase, banking password, or remote access.
  • Claim that you must keep the recovery secret from your bank or family.
  • Pressure to move quickly before a fake deadline.
  • Government or law enforcement impersonation combined with a payment demand.

Block and report these contacts immediately.

Script or Template

Use this script when contacting a bank, platform, government office, insurer, credit bureau, or support team:

"Hello, I am reporting a possible fraud or identity theft issue. My health insurance information may have been used without permission. I need the claim reviewed, a copy of records connected to the claim, and instructions for correcting inaccurate information. The incident happened on [date]. The affected account, transaction, document, or profile is [details]. I have screenshots and supporting records. Please tell me what steps you are taking now, what documents you need from me, whether the account should be locked or replaced, and what case number I should use for follow-up."

If you are filing an FTC, IC3, police, or company report, use clear factual language. Avoid guessing about the scammer's identity unless you know it. Include dates, payment method, amount, websites, phone numbers, email addresses, usernames, bank names, platform names, tracking numbers, and what you already did to secure the account. Keep a copy of every report.

Timeline: First 10 Minutes, Today, This Week

First 10 minutes

  • Stop communication.
  • Take screenshots.
  • Lock the card/account if possible.
  • Write down the exact time and what happened.

First hour

  • Contact the bank, platform, carrier, insurer, or agency that can stop the immediate harm.
  • Change passwords from a safe device.
  • Ask for a case number.
  • Start a proof folder.

Same day

  • File FTC, IdentityTheft.gov, IC3, or police reports if appropriate.
  • Review related accounts.
  • Freeze credit or place fraud alerts if personal information was misused.
  • Warn contacts if your account was used to message others.

This week

  • Follow up on claims.
  • Review credit reports and statements.
  • Replace compromised cards or documents.
  • Watch for recovery scams and additional account alerts.

Extend monitoring if medical records were altered, as effects can linger in insurance databases.

FAQs

Q: Can I get my money back? A: Possibly, but it depends on payment method, timing, whether the transaction was unauthorized, and the rules of the bank or platform. Report quickly and ask for a written claim or case number.

Q: Should I file a police report? A: File one if there is theft, threats, stolen documents, a known suspect, large loss, or a company asks for it. For identity theft, an FTC Identity Theft Report can also be important documentation.

Q: Should I report to the FTC or FBI IC3? A: Use FTC ReportFraud for scams and deceptive practices. Use IC3 for internet-enabled crime, cyber fraud, account takeover, wire fraud, or online financial loss.

Q: What if I only clicked a link but entered nothing? A: Close the page, do not enter information, clear suspicious downloads if any, and monitor accounts. If you entered credentials or payment details, take stronger action.

Q: Should I freeze my credit? A: Consider it when your Social Security number, date of birth, driver license, or other identity data may be used to open new accounts. You must freeze separately with each nationwide credit reporting company.

Q: How long should I monitor my accounts? A: Monitor closely for at least several months, and longer if Social Security number, tax data, medical information, or bank login details were exposed.

Q: What if the company denies my claim? A: Ask for the denial reason in writing, submit missing proof, escalate to a supervisor or complaint department, and consider CFPB, FTC, IC3, state attorney general, or bank regulator options depending on the issue.

Q: Can I trust a recovery service? A: Be very cautious. No legitimate private service can guarantee recovery of scam losses, and many recovery offers are themselves scams.

Sources and Verification Notes

Verification note: Digital safety rules and company processes can change. Before taking action on a specific account, verify current procedures directly with the official bank, credit bureau, government agency, insurer, phone carrier, or platform. Avoid unofficial support numbers found in ads, comments, or suspicious messages.

Disclaimer

This guide is for general information only. It is not legal, financial, cybersecurity, tax, medical, or emergency advice. For urgent threats or danger, call 911 or local law enforcement. For financial loss, contact your bank, card issuer, payment app, insurer, carrier, or the relevant official agency as soon as possible. Recovery is not guaranteed, and your rights may depend on facts, timing, account type, payment method, and applicable law.

TDL Expert Panel editorial team for TheDigitalLife

About the TDL Expert Panel

TDL Expert Panel · TheDigitalLife Editorial Team

TDL Expert Panel is the editorial team behind TheDigitalLife. The team researches, reviews, and creates practical guides to help everyday readers make better decisions about home repair costs, refunds, AI tools, digital safety, productivity, and useful online resources. Each guide is written to be clear, useful, and easy to understand.