Focused guide

Medical Identity Theft via Email

How phishing emails targeting healthcare portals and insurance accounts enable fraudsters to steal medical identities, obtain prescriptions, and submit fraudulent insurance claims.

Part of: Medical Identity Theft

Last reviewed: 8 June 2026

Medical identity theft involves someone using your personal details to access healthcare services, obtain prescriptions, or submit insurance claims in your name. While breaches of healthcare databases are one major source, a significant number of medical identity thefts begin with a phishing email that tricks the target into handing over their patient portal login credentials, insurance member ID, or enough personal information to impersonate them with a healthcare provider.

The consequences of medical identity theft extend well beyond financial loss. A fraudster who obtains care in your name may alter your medical records, create dangerous inaccuracies about your blood type, allergies, or conditions, and potentially affect future care decisions based on corrupted data.

This guide covers how medical identity theft is initiated by email and what the signs of compromise look like.

How this scam works on email

The email impersonates a healthcare provider, hospital system, health insurer, or government health program. It may state that a bill is outstanding, that a prescription refill requires confirmation, or that the target's health insurance account needs to be updated or face suspension. A link leads to a convincing fake patient portal login page.

Entering credentials on the fake page hands them to the attacker, who then uses them to access real patient portal systems. Once inside a genuine patient account, the attacker can view prescription history, request prescription transfers, access insurance details including member ID numbers, and in some systems submit referral or claim requests.

In a separate pattern, the email does not seek a login but instead collects enough data — full name, date of birth, health insurance member ID, and sometimes Medicare or Medicaid numbers — through a fake 'account verification' form to impersonate the victim directly with healthcare providers or insurers.

Common red flags

Email requests your insurance member ID, Medicare number, or patient portal password
Urgent threat that your insurance will be suspended or a bill will go to collections if you do not click a link
Patient portal login page reached via email link rather than your normal bookmark
Unexpected explanation of benefits showing services you did not receive
Prescription refill or transfer confirmations you did not initiate
Medical bills for treatments you have no record of receiving

How to protect yourself

Access patient portals only through your usual bookmarks or by typing the provider's known web address
Enable two-factor authentication on all patient portal and insurance accounts
Review your explanation of benefits statements carefully for unfamiliar services or providers
Request a copy of your medical records annually and review for entries you do not recognise
If you receive unexpected medical bills, contact the provider and your insurer immediately

How to report it

Report to the FTC at reportfraud.ftc.gov and follow their medical identity theft guidance
Contact your health insurer's fraud department to alert them and request a review of your claims
File a complaint with the Office for Civil Rights (US) regarding healthcare privacy violations
Contact your healthcare providers directly to place a notation in your records flagging the fraud

Frequently asked questions

How do I find out if my medical identity has been stolen?

Review your explanation of benefits from your insurer regularly, request your medical records from providers you use, and check whether any providers have you listed as a patient when you have not visited them. Unexpected medical bills or debt collection notices are also warning signs.

Can medical identity theft affect my actual medical care?

Yes. If a fraudster receives care in your name, their medical history — including diagnoses, medications, and allergies — can be added to your records, potentially creating dangerous inaccuracies that affect future treatment decisions.

How this scam works on email

Common red flags

Email requests your insurance member ID, Medicare number, or patient portal password

Urgent threat that your insurance will be suspended or a bill will go to collections if you do not click a link

Patient portal login page reached via email link rather than your normal bookmark

Unexpected explanation of benefits showing services you did not receive

Prescription refill or transfer confirmations you did not initiate

Medical bills for treatments you have no record of receiving

How to protect yourself

Access patient portals only through your usual bookmarks or by typing the provider's known web address

Enable two-factor authentication on all patient portal and insurance accounts

Review your explanation of benefits statements carefully for unfamiliar services or providers

Request a copy of your medical records annually and review for entries you do not recognise

If you receive unexpected medical bills, contact the provider and your insurer immediately

How to report it

Report to the FTC at reportfraud.ftc.gov and follow their medical identity theft guidance

Contact your health insurer's fraud department to alert them and request a review of your claims

File a complaint with the Office for Civil Rights (US) regarding healthcare privacy violations

Contact your healthcare providers directly to place a notation in your records flagging the fraud

Frequently asked questions

How do I find out if my medical identity has been stolen?

Can medical identity theft affect my actual medical care?