Tax Return Fraud Scheme Targets Docs
April 24, 2014: From FierceHealthPayer.com
Several states experienced a spike in tax fraud cases against medical professionals this year, leading to theories of a data breach at a national organization that provides certification or credentials for doctors, KrebsOnSecurity reported.
When physicians in 10 U.S. states attempted to submit their federal returns electronically, they found out someone already used their personal information, including Social Security Numbers, to file them.
Victims of federal- and state-level fraudulent returns have turned up in Indiana, Massachusetts, Maine, New Hampshire, South Dakota, Iowa, North Carolina, Colorado, Connecticut and Vermont, according to CSO.
More than 110 doctors, physician assistants and nurse practitioners in New Hampshire have come forward as tax fraud victims, New Hampshire Medical Society Executive Vice President Scott Colby told KrebsOnSecurity. In North Carolina, the state medical society has received reports of tax fraud from more than 100 doctors and medical practice managers.
Some initial speculation connected the recent release of Medicare payment data and national providers identification (NPI) numbers for 825,000 physicians to the tax identity scams, but the Centers for Medicare & Medicaid Services has long made NPIs available to the public, KrebsOnSecurity noted.
While the source of a breach remains unknown, the use of patient data and the medical professionals’ details points to a national insurance agency as a possible source of the data compromise, according to CSO.
Healthcare professionals at the University of Pittsburgh Medical Center were also hit by a tax return scam. Earlier this week, UPMC said the personal information of nearly 27,000 employees might be in jeopardy following tax fraud conducted by identity thieves. No patient information was breached but so far 788 employees have been the victims of tax fraud.
The spike in identity thefts in healthcare can be linked HIPAA violations by rogue employees, because many companies either don’t know what their people are up to or aren’t using tools to monitor staff effectively.