What physicians should do to prevent identity theft

As technology advances, more and more people are getting their identity stolen. Who are among those people? Physicians.

In a recent interview, Mark A. Moyad, MD, MPH, discusses his personal experience with identity theft and why health care professionals should pay more attention to this topic. Specifically, he gives tips on how to protect your identity and shares free tools you can use to secure your personal information. Moyad is the director of preventative/complementary and alternative medicine in the department of urology at the University of Michigan Medical Center in Ann Arbor, Michigan.

What prompted your interest in identity theft?

I work in this area of preventive and alternative medicine, and the whole idea is you want to prevent something before it happens. I've been teaching for 25 years on the idea of essentially allowing people third-party access; in other words, allowing people to test your product for quality control. We have all these third-party access quality control labels. So, if it's on a supplement or a product over the counter on a website, that means they've had access to the product, they've tested it, and what they're advertising on the bottle is actually in the pill itself. So, our whole thing, including with CBD and marijuana, is, "You need third-party access, you need third-party access. Let everybody have third-party access." Part of the theme of today's talk is [that] in your personal life, you want no third-party access. Zero. In your professional life, you want all the third-party access in the world. So, I live in this tale of 2 cities. Professionally, I'm teaching people [that] you got to have third-party access to have clean products. But, personally, the message of today is you don’t want any third-party access unless you allow it.

And so, how I got involved in this, in learning this basic teaching lesson, is I was actually on my way to [give] a talk at the AUA in 2017 in Boston. And without giving you a 2-hour therapeutic session, everything that week started to come apart. Everything. I ultimately learned that I was a part of this major identity theft ring. See, people equate identity theft with 1 event. “Someone tried to file their taxes in my name to try to get the refund,” right? Or “Someone is trying to get my phone.”

What these new rings [are] doing—I had a conversation with an individual from the FBI, with different people in the police department, [and] there was 1 person arrested who's still in jail for several years— [are trying] to maximize damage within a week. So, they hire anywhere from 5 to 10 people to be you within 1 week [and] by the time you figure it out, they've damaged or stolen your identity on every single level from A to Z, whether that's phone, whether that's credit cards, whether it's changing your address. Identity theft has changed, and I was a victim of that. I still have my notice from the police department that said, "You were a victim of identity theft. This is where you have to appear in court." I thought identity theft was simple. You fix this 1 little thing. Today, what physicians and health care professionals need to be on the lookout for is [that] it's much different. It's now a part of a major crime ring in certain cities, where they will maximize damage to you all in a week. And it could take you years, if not the rest of your life, to try to work on fixing it. I personally had the largest breach of any person in health care I'd ever met. Lucky me. What I learned in this horrible process of spending, with my wife, hundreds of hours trying to clean it up is that most of the things I'm learning [were things] I was never taught on any level. I complained about it constantly for years: "I can't believe we didn't get this as an introduction to employment. I can't believe we don't go to the AUA and hear this lecture." Then I started thinking, "Well, why would they offer it unless somebody brings up the idea that this is important?" I took it as a mission that I'm going to do the first talk on it. I know it's a long answer to a short question, but my interest is simple. I work in the area of preventive and alternative medicine. I want to prevent things from happening, so if I really want to practice what I preach, I've got to let people know what happened to me and what I learned from it. That's why we're here, which makes me happy.

Can you describe the scope of the problem of identity theft among the medical profession?

Nobody talks about it. You go to a medical meeting, or you talk to your colleagues at work. For example, when I did the talk at Michigan, all these people came up to me afterwards and said, "I was hit by this, I was hit by that." That's been my experience for 3 years. I'll go travel to any meeting, even before COVID, and I would bring it up and say, "That happened to me, or credit cards in my name happened to me, or somebody was charging this." And so, to me, it's one of the quietest crimes happening out there that is not getting enough attention. Where it's getting attention in medicine is for medical data breaches. So, there have been massive medical data breaches over the past several years. Major medical centers have experienced breaches. Private practices—breaches. And what's happening is that's dominating the headlines. Behind that headline is the fact that [underneath] those breaches, is not just major medical centers, but individuals getting breached at the medical center. Even though I could give you a statistic from all the top government agencies that medical breaches are the most attractive types of ID theft, no one's mentioning that the individuals behind those breaches—I'm not just talking about patients, I'm talking about the health care professionals—are targeted, too. And when you really think about it, and this is what I titled my Grand Rounds speech, it really is the perfect storm. Health care workers, physicians, and ID theft is the greatest perfect storm that I think is getting virtually no attention. The reason is simple. Our entire lives are online. You can find out my dog's name online. I'm not kidding. Our entire lives are online, so much so that one time I was at a meeting, and I got up as a joke, and I started telling everything about the history of 1 of the speakers. The speaker was shocked, and said, "Where did you learn all this?" I said, "I just had to do some digging online." Also, we're really good at getting loans. People want to give us loans. They want to give us credit, right? I probably had 5 different state IDs in my name. Like I said, at last count, it was 7 or 8 people trying to be me all in 1 week, 1 of them arrested, 1 of them still in jail. But all this is online; people want to give us money because we generally have dependable jobs with good credit history. So, it creates a perfect storm if you're not watching the farm, so to speak.

Could you provide a brief overview of your talk on identity theft that was presented in November as part of the University of Michigan’s 2021 Grand Rounds series? What are some specific implications of identity theft for physicians?

What I said during the presentation, besides it being the perfect storm, is that we just got to go through some basics of why you should be nervous. I hate this 'Scared Straight’ tactic, but truthfully, this is the area where if you don't use the 'Scared Straight' tactic, then you're not being honest with your audience. So, what I decided to do is experiment, for example, at some banks. I would go, "Hey, if I have an identity breach, what covers me?" The most common answer I would get when just randomly walking into credit unions or some banks was FDIC. I mean, everyone's heard about FDIC insurance, right? [Well,] they don't cover any of that. It's this idea that they might cover you for identity [theft, but] that's not what FDIC insures. It insures something very different. The truth of the matter is [that] your coverage of identity theft only goes so far as the individual institution to buy insurance to cover that identity theft, and to have in place a policing system that helps protect you in case it happens. [This means that] 1 of the first things you should realize is that you are only as good as the bank, credit union, or investment firm that you personally interview. When you interview them, you say, "If there's an identity breach or identity theft, how much am I covered? You must have insurance for it. How much does that cover me? And if it covers me or not, and it happens, what's the process that I have to go through to not only clear my name, but to get my money back?" This is how I started my talk because people need to understand that every single day we put money or finances in institutions, we work possibly with financial advisors, but the topic never comes up as to if the worst case scenario happens, which is happening all the time, how am I covered?

One of the rules I mentioned in the introduction is this is 1 area that I've noticed that you are completely guilty until proven innocent. You have to prove that you aren't tied to that identity theft ring. I had collection agencies coming to me for thousands of dollars, calling my house, harassing me, and I'm saying, "That wasn't me," and they're saying, "Tough luck, buddy. This has got your name on it. Somebody took out 10 cell phones..." This is no joke. "10 cell phones at 1 store, and you owe X money." And so, I had to start from the beginning, working through the lines of the company. "Who do I call? Who do I send paperwork [to]?" and every company is different. Now what I do is realize that there's nobody to protect you from identity theft, truly, except you. And when you're putting your money or your credit line somewhere, you need to interview those people, [asking,] "If I get my identity stolen, what can I do overall?" That's how I started it. Where I focused, where I think everybody [listening to] this interview needs to focus, is a handout I gave, and I have it down here. I got this offline: annualcreditreport.com. If you want to start to protect your identity, first find out what all the major 3 credit reporting agencies have on you in terms of your credit history. By federal law—this is the great part; there's all these federal programs that help support you that you don't realize until you've been affected—if you go to annualcreditreport.com, you can either fill it out online or get a piece of paper, there are 3 major national credit reporting agencies that control your whole life when it comes to your history and your credit. What you want to do ASAP before the holidays is you fill out the information, and you send it in and request a credit report from each of the credit reporting agencies that own part of your life. When I grew up, the “big 3” were the big 3 automakers. We would say, "Ford, Chrysler, GM." To me, today, in terms of health care workers, the big 3 means the credit reporting agencies, right? Equifax is 1 of the major 3. They're in Atlanta. Experian is in Allen, Texas. This is sad how much I happen to know this off the cuff. And TransUnion happens to be in Chester, Pennsylvania. There's a place here at the bottom where you request your personal credit report. Remember, this is free and not enough people access this. Some people would say less than half Americans even do this once. Some reports say 90% of the people don't do it every year. You fill these in, you send it in, and within several weeks, you get your name and your full credit report of what they have on you.

Now, a recent study by Consumer Reports shows that at least 1 out of every 3 credit reports requested are wrong in terms of some of the information there, which is what happened to me. There was a bunch of businesses associated with me having worked with and not paid on that I have never had anything to do with. One of my big teaching lessons here is you have to request your credit report, take a look at it, and see if it's actually accurate. If it's not, you challenge the accuracy of that, which is very easy. They can teach you online to do that. So that was 1 of the take-home messages of it. A second take-home message is, unfortunately, 1 of these big 3, in the past few years, had a data breach. One of the largest in human history, and that is with Equifax. Equifax had a data breach that they admit to of 147 million people. That means [data of around] 1 out of every 2 Americans is out there somewhere.

So, here is my favorite lesson of the Grand Rounds conference that unfortunately made everyone depressed for a short period of time, but then empowered. People don't realize this, but there is a website that can tell you immediately if someone got ahold of your information when they had [the breach], and that's called equifaxbreachsettlement.com. If you go to equifaxbreachsettlement.com, and then follow the prompts, it says, "Yeah, you were probably breached. Your information is out there." That's what happened to me. When I go to that site right now, I put in my last 6 of my [Social Security number], my name, and it says, "Sorry, yeah, you were one of those." Now, the reason that's critical is because there's a class action settlement against them that lasts till 2024. So, they're [going to] help you, like the other companies, clean up anything. And if you were 1 of those [who were] breached, I would say you have to move with good speed to do some of the protection measures I mentioned in the Grand Rounds conference. Most people haven't even requested an annual credit report, which is absolutely free at all the 3 places just to figure out what it says about them. Now, let's just say you do that, you're feeling good about that. The next obligation you have is to tell your friends and family. You need to do all this because there are 15-year-olds, 16-year-olds, 17-year-olds, who had been breached, and also have never seen their own credit report. They've never requested it. Once you get that, you challenge it, and you clean it up, then you can do the final thing, which I'm completely biased [about]. You freeze your report, which means you don't allow anybody access to your report ever again, until you give a thumbs up for it. There's a lot to do. And it's to first find out how vulnerable you are. Second is to submit for your own credit report. Remember, this is the 3 top agencies, there are several others that we could talk about, but that's for part 2 or part 3 down the road.

What are some strategies physicians should implement to protect their identity?

We tend to hear the ones that are just regurgitated over and over again, "Hey, make your passwords difficult." I'm going, "Yeah, thanks. I've heard that 1 about 7000 times." But what I want to hear is the ones that you don't hear from a lot. Now, remember, you're doing this over the next 6 months, 9 months, and this is all free. You can request it every year, each single agency. You can do it all at once you, can stack it, you can do 1 of them today, another 1 in 2 months, another 1 in 3 months, you challenge it. After you've reached that “nirvana” point where you feel comfortable, everything's correct, and then you freeze your report —all of this is free—you're going to be given a pin number to freeze and unfreeze it. You need to hold that pin number like a baby, or like baby puppies, I say in the talk. You never let it go. You can't lose it.

I'll give you a classic example. We talked to a cable company recently. We wanted to activate a new cable service. And they said, "Sorry, there's nothing on you. We can't access your report." I said, "Well, I'm willing to unfreeze my report, but I need to know which credit reporting agency you work with." They said, "No problem. We'll tell you. We work with 1 of the big 3 I mentioned today." I said, "I'm going to unfreeze it, and you have 24 hours to access it to see that I'm okay. And then it's going to be frozen again." They said, "Okay," and I did that and then I froze it again. They saw the credit and we got the cable TV, right? So, just getting to that point where you see your report, you fix your report, and then you freeze your report, I have met maybe 1% of my colleagues that have even done that.

Now, let's just say someone watching has done all that. Here's the catch. Credit reporting is a massive business. I went into the government website and decided to count, last year, how many credit reporting agencies [there are available]. I counted 54 credit agencies in the United States that follow all sorts of data all the time that provide information on you. What that means is somebody is always trying to become one of the next big 3. It's not just Ford, GM, and Chrysler. Somebody wants to be a Tesla, right? They want to join that group. And the same thing when it comes to credit reporting. So, there's another group out there. This is the bonus part of the interview that a lot of people don't realize. A lot of people have been doing everything I've been asking lately, but then they still get a breach, they still get their identity stolen. For example, they get a cell phone bill. Well, there's another massive reporting agency known as NCTUE. NCTUE essentially handles a lot of the cable, the telecommunications, pay TV. In my report in my actual presentation, I talked about a new kid in town. National Consumer Telecom and Utilities Exchange. They're out of Atlanta. Guess what? You got to see your reports, fix that report, and freeze that report. Now there are big 4. In the future, there's going to be a 5 and 6. So, you just don't stop there. You keep watching for who's moving their way up. Who's the next Tesla? It's an ongoing process. My guess is, within a year or 2 of this interview, there will be at least 5 major companies that you're going to have to see, fix, and freeze. And I'll try to keep up with all of that.

The last thing I talked about: Not only did these people provide your credit report to a million other people, [but] it's [also] how a lot of people send you all this information to try to solicit credit cards and insurances. My mailbox used to be full [of] offers. If you look carefully on each of these websites, you can actually go to an area called opt-out pre-screen. You can inquire with them [about] how you want to be opted out and nonexistent when it comes to free mail offers on credit cards, insurance, and other offers. My regular daily stack of mail of free offers went from [super high] to zero. Identity theft is stressful enough, and then when you're getting a million offers in the email that say, "Hey, we'll give you this line of credit on a credit card, even though you've frozen yourself," that's stressful too. Another take-home message is after you've done some of the steps that I identified, start looking at ways that you can tell these companies, "Don't make me a part of all these mail-in offers for credit cards and other things, because it's, to me, junk mail, and it's stressful. And I don't want to do those offers unless I inquire about my own offer with a credit card company."

[Lastly,] the subtitle of the talk was: "The free stuff." Everything I'm identifying is free. That's what I learned in my PhD for identity theft. See, everybody talks to me, [saying,] "I sign up with this group. I signed up with this group. I pay $100 a month. I pay $30." I'm going, "That's up to you, if you want to do that." I'm talking about everything in my lecture is the free stuff. A lot of my life and urology is talking about lifestyle and AUA updates and, "Hey, how do you better yourself in terms of lifestyle, diet, and overall health?" and I'm talking about free. All of this is free to every single person. If you want to then sign up, that's fine.

The second point I failed to mention is [that] a question I always get is, "If I freeze my kids, or if I freeze my spouse or myself, what happens to my FICO score? What happens to my credit value or my vantage score?" Or "I want a really good FICO score that says I'm a dependable person." Nothing happens to it. It continues to grow and be fine. It has nothing to do with whether or not you are a dependable person in terms of a line of credit. That is a false narrative. Your credit report is only as good as you are paying your bills and freezing yourself and opting out of the system still protects your credit, and still allows you to increase your credit scores, like your FICO score.