Hundreds of medical professionals targeted in multi-state tax scam

Medical professionals in ten states have become victims of identity theft, after someone used their personal information, including Social Security Number, to file fraudulent tax returns.

In a majority of the cases, the victims were made aware of the situation after they attempted to submit their federal returns electronically, only to be told that someone had already filed them.

The scam includes fraudulent returns at both the federal and state level, targeting various medical professionals, including nurses, physicians, dentists, and oral surgeons. So far, victims in Indiana, Massachusetts, Maine, New Hampshire, South Dakota, Iowa, North Carolina, Colorado, Connecticut, and Vermont have come forward. Moreover, similar reports of fraudulent returns have surfaced in Puerto Rico as well.

In Indiana, the state's medical association (ISMA) issued an alert to healthcare professionals, warning them of the scam and encouraging victims to come forward. In addition to the warning, the ISMA also said that the Indiana Department of Revenue (DOR) is investigating the situation.

In all, more than 100 professionals have come forward, reporting a fraudulent tax return at either the state or federal level. Some have reported both. In a statement, Julie Reed, ISMA general counsel, recalled her conversations with the DOR investigation unit.

"The DOR is viewing this as a large problem and officials are very concerned. While their investigation has not yet identified the source of the presumed breach, they are tracking all the cases, looking for patterns, and actively investigating and pursing leads."

Chuck Taylor, of the Indiana Attorney General's Identify Theft Unit, said that his office is actively investigating complains, but added that they've yet to identify a common source of compromise.

Investigators are also unsure as to how the medical professional's information was obtained. While the possibility of a data breach hasn't been ruled out, evidence of such a security incident hasn't surfaced.

The Michigan Dental Association (MDA) reported the same scenario earlier this month, after members reported attempting to do their taxes online, only to be told that they had already been filed. The MDA warning, similar to the one issued in Indiana, also encouraged anyone who suspects they may be a victim to report the incident in order to help track the scam's reach.

In New England, several state medical associations issued warnings about the scam, each noting the same discovery process. However, medical professionals in those states also reported learning about the problem after receiving a 5071C letter from the IRS.

A 5071C letter is issued when the IRS needs additional information to verify a person's identity. These notices are sent when the IRS has received a federal return, but before it can be processed, additional information is required. Quite often, in the case of identity theft, these notices are one of the first warnings that something is wrong.

As mentioned, the source of the scam itself has investigators at the various state agencies puzzled. The consensus is that the medical professional's data has somehow been compromised, but the source of the potential breach remains unknown.

The common thread between the victims suggests that the source of the data could be a national insurance agency. Many of the victims reported that their 5071C notices included the name of an unknown individual listed as a spouse, but in some cases, the name listed was that of a prior patient.

The use of patient data, in addition to the medical professional's details lends creditability to the working theory that an insurance company could be the source of the data being used in the scam. However, at this stage, none of the agencies investigating the matter have enough information to prove or disprove that assumption.

According to the IRS, the number of identity theft related criminal investigations increased by 66 percent last year. The agency says such growth made it one of the fastest growing crimes in the U.S.

"Identity theft is one of the fastest growing crimes nationwide, and refund fraud caused by identity theft is one of the biggest challenges facing the IRS," said IRS Commissioner John Koskinen.

Join the CSO newsletter!

Error: Please check your email address.

Tags applicationsMichigan Dental Associationfraudulent transactionstax return securitysoftwareIdentity fraud / theftdata protectionIndiana Department of Revenuemedical records securityIRStax scamssecurity

More about IRSIRS

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Steve Ragan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place