Medical Identity Theft via Phone Calls
How callers impersonating healthcare providers, insurers, and government health programs extract insurance member IDs and patient credentials that enable medical identity theft.
Part of: Medical Identity Theft
Last reviewed: 9 June 2026
Medical identity theft initiated by phone call is distinct from email-based versions because the caller can present themselves as a caring, competent healthcare administrator who is acting in the patient's interest. The conversational format allows them to answer questions reassuringly, adapt to the patient's level of suspicion, and frame the request for sensitive information as a routine administrative necessity that the caller will handle on the patient's behalf.
This approach is particularly effective with older adults and people who regularly manage complex healthcare needs. When a caller understands the terminology of healthcare administration — plan IDs, coordination of benefits, prior authorisation codes — they can conduct an interaction that sounds entirely legitimate to someone who deals with these systems regularly.
This guide focuses on the specific techniques used in phone-based medical identity collection and the exact information that callers should never be given.
How this scam works on phone calls
The caller identifies as a representative from the patient's insurer, a healthcare provider's billing department, or a government health program such as Medicare. They may reference a specific plan by name or mention a recent healthcare event the target has experienced, data that can be obtained from data breaches or purchased lead lists.
The caller states they need to update records, verify benefit eligibility, or process a claim, and requests the insurance member ID, Medicare or Medicaid number, group number, and often the patient's Social Security number and date of birth. The information gathered is a complete medical identity package enabling fraudulent claims submission, prescription acquisition, and synthetic identity construction.
In some cases the caller requests the patient's patient portal login credentials, citing a system migration or account verification need. These credentials give the attacker direct access to the patient's full medical history, prescription records, and insurance information.
Common red flags
- Caller requests Medicare or Medicaid number, insurance member ID, and Social Security number in the same call
- Claim that insurance benefits will be suspended if records are not verified today
- Request for patient portal login credentials for any stated reason
- Caller references a healthcare event but the details are vague or incorrect
- Insurer or provider cannot be verified when you call their published number independently
- Call is about a new benefit, coverage update, or free equipment that you were not expecting
How to protect yourself
- Never provide insurance or medical details to an inbound caller — call the organisation back on a number from their official website or the back of your insurance card
- Never share patient portal credentials with anyone, including people claiming to be from your provider
- Review your explanation of benefits regularly for services you did not receive
- Set up two-factor authentication on all patient portal accounts
- If you have provided credentials or numbers, contact your insurer's fraud department and your providers immediately
How to report it
- Report to the FTC at reportfraud.ftc.gov
- Contact your insurer's fraud department with a full account of the call
- Report Medicare fraud to 1-800-MEDICARE or the HHS OIG at 1-800-HHS-TIPS
- Place a fraud alert with the major credit bureaus if sensitive personal data was shared
Frequently asked questions
Why would a fraudster want my insurance member ID specifically?
An insurance member ID, combined with your name and date of birth, is sufficient to submit fraudulent claims for medical services that were never provided. It can also be used to obtain prescription medications by impersonating you at a pharmacy.
My insurer called me about my plan. How can I verify it is genuine?
Hang up politely and call the member services number on the back of your insurance card or on the official insurer website. Genuine representatives will understand this precaution and the information will be available when you call back.