The healthcare information sector has become a prime target for cybercriminals. And why not? It is a repository of our most valuable personal information. Recent high-profile data breaches, such as the massive incident at Change Healthcare affecting an estimated 190 million[1] individuals, or the Yale New Haven Health breach impacting 5.6 million[2] people, underscore a stark reality: compromised health information is not just a privacy violation; it’s a direct gateway for fraudulent claims that can wreak havoc on individuals, payors and the entire healthcare system.
Unlike a stolen credit card, which can be quickly canceled, a stolen medical record is a long-term asset for fraudsters. It contains valuable information about us that doesn’t change – names, dates of birth, Social Security numbers, medical history, diagnoses, and even prescription information. So, once it’s out there, it’s out there. This comprehensive identity profile is extremely valuable on the dark web, selling for hundreds of dollars per record allowing criminals to exploit the healthcare system.
How Breached Health Data Fuels Fraudulent Claims
The pathways from a health data breach to fraudulent claims are numerous and increasingly sophisticated. The most direct and dangerous consequence is medical identity theft. Stolen patient information can be used to receive medical care, fill prescriptions or obtain medical equipment. Can you imagine having treatment records and diagnoses permanently attached to your medical history that weren’t yours? Or what if you needed services but your policy limits were already reached? Or controlled substance prescription medications that were fraudulently dispensed under your name?
Beyond identity theft is insurance fraud. Armed with health insurance policy numbers and personal details, phantom providers can file claims directly with insurance providers for fabricated services or equipment. These schemes can involve networks of dishonest medical professionals or organizations who collude with the criminals. But many times, they are phantom providers who will bulk submit claims to payors and will continue until the payments stop. If you have gaps in your claims editing systems, prepayment or Postpayment analytics, it could be a huge financial hit in a short period of time.
What to Look For?
Being able to quickly identify phantom providers or fraudulent claims is imperative. An increase in claim volume from new providers or dormant providers is a great place to start – especially if that provider is not participating with your plan. High frequency billing of durable medical equipment (DME) is another area to monitor. However, one of the key areas of importance is staying informed. Knowledge and collaboration are key to staying ahead of fraudulent billing.
HCFS has you covered!
If you’re using the HCFSPlatform™, we have you covered. We have several artificial intelligence (AI) models and alerts that quickly identify overutilization in DME billing and spikes in billing. In addition, if you’re using our Shared Analytics™ feature you’re even more covered with near real-time insights within a cross-client data consortium. Shared Analytics™ alerts and insights have proven to be beneficial in staying ahead of phantom providers and emerging schemes. In addition to our Shared Analytics™ alerts, basic AI models and respective company data will also uncover these schemes including:
- AI anomalous detection models on all claims including DME claims
- New provider insights
- DME outliers related to items such as orthotics (for example, L1852-Knee Orthosis, L3916-Wrist Hand Orthosis, L0486-Thoracic-Lumbar-Sacral Orthosis and so much more)
The fight against health information data breaches and subsequent fraudulent claims requires a multi-faceted approach. As cybercriminals continually innovate their tactics, our collective defense must also evolve to safeguard one of our most vital assets: our health and identity.
If you’re interested in knowing more about Shared Analytics, email us at [email protected]. If you have questions or comments about this article, email us at [email protected].
[1] https://www.forbes.com/councils/forbestechcouncil/2025/04/01/one-year-later-cybersecurity-lessons-from-change-healthcare-breach/
[2] https://www.healthcaredive.com/news/yale-new-haven-health-data-breach-5-6-million/746236/
HCFS is solely dedicated to providing an efficient, user-friendly solution that incorporates Artificial Intelligence, Pre-pay, Post-pay, Querying, Case Management and Shared Analytics all in ONE integrated platform. Ask about AUDITPLUS – auditing, SVRS, record retrieval and more! Ask about our HCFS Services (record reviews, data mining, you name it!) Click HERE if you want to see a demo!