Medical billing scams after breaches are fraudulent charges that appear on patient bills following a data breach of personal health information. These scams exploit the chaos and confusion that follows a breach announcement—when patients are worried about their compromised information and may not scrutinize their bills as carefully as usual. Scammers use stolen medical records to create false charges for services never rendered, prescription medications not dispensed, or inflated charges for legitimate services.
For example, after the 2015 Anthem Blue Cross breach affecting 78 million people, thousands of patients reported fraudulent medical bills and insurance claims appearing months later, often from out-of-network providers or entirely fabricated medical facilities. Recognizing these scams requires understanding how breached data enables billing fraud and knowing what red flags to watch for on statements. Scammers don’t just use breached information randomly—they strategically target medical identities because healthcare fraud is often harder to detect than credit card fraud, takes longer to investigate, and can damage credit scores when fraudulent bills go to collections. The average medical identity theft victim spends 200 hours resolving the fraud, according to the Healthcare Financial Management Association.
Table of Contents
- What Happens to Your Medical Information During a Breach?
- Common Types of Medical Billing Scams After Breaches
- Red Flags That Signal Post-Breach Billing Fraud
- Steps to Take When You Suspect Medical Billing Fraud
- Protecting Your Medical Identity After a Breach
- Dealing with Collections and Credit Reporting
- The Evolving Landscape of Post-Breach Fraud
- Conclusion
- Frequently Asked Questions
What Happens to Your Medical Information During a Breach?
When a healthcare provider, insurer, or medical records vendor experiences a breach, criminals gain access to a comprehensive profile that includes your full name, Social Security number, date of birth, insurance policy numbers, Medicare or Medicaid numbers, and medical history. This information is far more valuable than credit card data because it enables fraud at multiple points in the healthcare system. A scammer can use your identity to open accounts with new providers, submit insurance claims, or bill directly to you as an uninsured patient. Unlike credit card fraud, which financial institutions monitor automatically, medical fraud often slips past initial detection because it’s embedded within the legitimate healthcare billing system.
The criminal’s advantage is timing and knowledge. They know from the breached data exactly what insurance you carry, which doctors you’ve seen, and sometimes even what conditions you’re being treated for. This allows them to craft fraudulent charges that seem plausible given your medical history. A patient who was recently treated for knee pain might suddenly receive bills for physical therapy they never attended, or charges from orthopedic specialists they never visited. The breach also gives criminals access to authorization codes and policy numbers needed to submit claims directly to insurers, bypassing the patient entirely—you discover the fraud only when reviewing an explanation of benefits or when a debt collector calls.

Common Types of Medical Billing Scams After Breaches
The most prevalent post-breach scams involve phantom medical services—charges for procedures, office visits, or treatments that never occurred. These appear on bills weeks or months after the breach is discovered, making it harder to trace when the information was actually compromised. A patient might receive a bill from a durable medical equipment company for a wheelchair they never ordered, or from a diagnostic imaging center for an MRI they never had. The limitation with detecting these scams is that many patients don’t review detailed medical bills carefully, especially those with insurance coverage that pays the provider directly, so fraudulent charges can accumulate before discovery. Prescription fraud represents another growing category.
Scammers use stolen medical information to fill prescriptions at pharmacies under the patient’s name, sometimes selling the medications to resellers or using them personally. After the 2017 Equifax breach, reports surged of fraudulent prescription fills showing up in pharmacy records. Insurance fraud variations involve criminals submitting claims to insurers directly—requesting reimbursement for services on behalf of stolen identities. Some scams target the financial aspect directly: scammers bill patients as self-pay for inflated amounts, betting many won’t verify whether they actually received the service. A critical warning: medical billing fraud damages credit scores when unpaid bills go to collections, and it pollutes your medical record with treatment history that never happened—creating complications for future legitimate medical care.
Red Flags That Signal Post-Breach Billing Fraud
Unexpected medical bills arriving weeks after a breach announcement should trigger immediate investigation, especially bills from providers you don’t recognize or services outside your typical care patterns. If you’ve been treated only by a dermatologist but suddenly receive bills from an orthopedic clinic, a cardiologist, or a physical therapy center you never visited, this is a strong fraud indicator. Review all explanation of benefits documents from your insurer carefully—these often show fraudulent claims before bills arrive. Compare dates too: if a bill claims you received services on a day when your calendar shows you were out of state or on vacation, that’s definitive evidence of fraud. Look for patterns that don’t match your medical history.
The clearest red flag is duplicate bills for the same service—if you’re billed twice for the same office visit or procedure on the same date, one is almost certainly fraudulent. Cross-reference bills with your own medical records and appointment calendar. Another warning sign is bills from out-of-network providers you never authorized, especially if you primarily use in-network care. Scammers sometimes exploit patients’ unfamiliarity with how medical billing works by using official-sounding facility names that closely resemble legitimate providers. One patient reported being billed by “Mercy General Orthopedic Associates” when her actual provider was “General Mercy Hospital”—the scammers knew her care history and crafted a credible-sounding name.

Steps to Take When You Suspect Medical Billing Fraud
Begin by contacting your healthcare provider directly using the phone number on your insurance card or appointment records—never use numbers from the suspicious bill, as scammers sometimes include fake contact information. Verify whether you actually received the service billed. Request an itemized bill showing the diagnosis code, procedure code, and dates of service, then cross-reference these details with your medical records. Most legitimate providers will provide this information quickly and can confirm whether the charge is valid.
File a complaint with your insurance company simultaneously with your investigation of the provider. Provide copies of the bill and a written explanation that you did not receive the service. Your insurer typically has 30-60 days to investigate fraud claims and has incentive to do so quickly since they may be liable for paying fraudulent claims. A practical tradeoff: filing with insurance takes more time than simply ignoring the bill, but it’s essential because unpaid fraudulent bills can damage your credit and pollute your medical record. If you’re billed as a self-pay patient (not through insurance), contact your state’s medical board and the provider’s billing department in writing, keeping copies of all correspondence.
Protecting Your Medical Identity After a Breach
Once your medical information is compromised, you’re at elevated risk not just for immediate billing fraud but for ongoing misuse. Consider placing a fraud alert with the major credit bureaus, which requires creditors to verify your identity before opening new accounts—this is more effective than simply monitoring credit reports. More comprehensive is a credit freeze, which completely prevents new accounts from being opened in your name, though you’ll need to temporarily lift it when you apply for credit yourself. A critical limitation of credit monitoring is that it doesn’t protect your medical identity specifically. Medical identity theft operates independently from credit fraud and requires separate vigilance.
Many breach settlements now include free credit monitoring for years, but this monitors financial accounts, not healthcare fraud. The real protection lies in actively monitoring medical bills and claims. Request a copy of your medical record from each provider you see, looking for treatments or diagnoses you don’t recognize. Your right to access medical records is protected under HIPAA—providers must provide these usually within 30 days of request. Warning: don’t assume old breaches are behind you; criminals sometimes hold stolen data for months or years before using it, so remain vigilant for 18-24 months after a breach announcement.

Dealing with Collections and Credit Reporting
If fraudulent medical debt goes unpaid, it will eventually be sold to collections agencies, at which point they’ll begin contacting you and reporting the debt to credit bureaus. This is where the damage extends beyond the fraud itself—collections accounts harm credit scores significantly and remain on reports for seven years. When a collections agency contacts you about medical debt you don’t recognize, respond in writing (certified mail with return receipt) within 30 days demanding verification that the debt is valid. Under the Fair Debt Collection Practices Act, collectors must prove the debt is legitimate before continuing collection efforts.
If you find medical debt already on your credit report from fraudulent charges, file a dispute with the credit bureau reporting it. Provide documentation showing the charges are fraudulent and evidence from the provider or insurance company confirming you didn’t receive the services. The credit bureau typically has 30 days to investigate and must remove unverifiable items from your report. An example: one patient discovered a $4,500 radiology bill on her credit report from a facility 200 miles away, collected by an agency 18 months after a breach. She sent the credit bureau a letter from the radiology center’s billing department confirming no record of her receiving services, and the entry was removed within 45 days.
The Evolving Landscape of Post-Breach Fraud
Healthcare organizations are strengthening security in response to rising breach rates—the number of healthcare data breaches increased over 40 percent between 2020 and 2023 according to the HHS breach notification portal. However, the scale of exposed data is growing faster than security improvements. This means post-breach medical billing fraud will likely become even more common in coming years. Simultaneously, healthcare providers are improving fraud detection systems, training billing staff to identify suspicious charges, and working more closely with law enforcement on fraud investigations.
Patients are also gaining better tools. Many insurance providers now offer mobile apps allowing real-time claim monitoring, and some healthcare systems are implementing blockchain-based medical records that can’t be altered without the patient’s knowledge. However, these advances are unevenly distributed—smaller practices and rural healthcare systems often lack sophisticated fraud detection, making them more vulnerable to exploitation. The future of protection lies not just in better technology but in patients remaining actively engaged with their medical records and billing, especially in the months and years following a breach.
Conclusion
Recognizing medical billing scams after breaches requires vigilance, knowledge of common fraud tactics, and proactive review of medical bills and insurance documents. The most important action is catching fraud early—fraudulent charges are easier to dispute before they reach collections. Begin monitoring immediately after any breach announcement, don’t assume bills are legitimate just because they’re presented professionally, and verify unfamiliar charges directly with your provider using phone numbers you find independently rather than those on the suspicious bill.
If you discover fraudulent charges, act quickly by contacting your provider, filing a claim with your insurer, and requesting itemized records that document the false charges. Document everything in writing and keep copies. While the time investment is significant—a full fraud resolution can consume 20-40 hours of your time—the alternative is far worse: damaged credit, a polluted medical record, and potentially years of collection agency harassment. The healthcare system relies partly on patient vigilance to catch fraud, so your careful review of medical bills protects not just your own identity but helps identify criminal networks exploiting the breach data.
Frequently Asked Questions
How long after a breach should I watch for fraudulent medical bills?
Monitor actively for at least 18-24 months following a breach announcement. Criminals sometimes hold stolen data before using it, and fraud can appear long after the initial breach. Some healthcare fraud experts recommend ongoing vigilance indefinitely since medical records can be resold multiple times in criminal marketplaces.
Can I refuse to pay a fraudulent medical bill?
Yes, if you can prove the charges are fraudulent. However, if left unpaid, the bill will likely be sent to collections and damage your credit. Rather than refusing payment, immediately dispute the charges with both your provider and insurance company, which is the proper legal process.
Will my insurance cover medical services billed by scammers using my identity?
Typically, no—insurers have fraud investigation processes and will deny claims for services you didn’t receive once fraud is confirmed. However, if the fraudulent claim was paid before you discovered it, you may be entitled to reimbursement after proving the fraud.
Should I place a credit freeze after a medical data breach?
A credit freeze provides good protection against opening new accounts in your name, but it doesn’t prevent medical billing fraud specifically. Many people use both credit freezes and active medical record monitoring for comprehensive protection.
How do I know if a provider is legitimate when I receive an unexpected bill?
Call your insurance company using the number on your insurance card and ask if they have a record of claims from that provider. You can also search state medical board websites to verify whether the provider is licensed. Never call numbers appearing on suspicious bills.
