A while ago I went to the doctors office for the yearly check-up. The clinic I go to likes to update and verify information with every visit. The front desk workers repeat the information loud enough that most of the people in the office can hear. So anyone in the room could have heard my name, why I was there, my phone number, and part of my address. There were several women in the office area when I checked in for my appointment.
Five days later I started to get calls once to twice a week from different phone numbers with no name associated with them. The messages all contained the following*:
- A mumbled first name
- That doctor Smith* gave her my information
- That she urgently needed to contact me to go over information
- That I needed to set an appointment with her
I immediately became suspicious. Usually at that clinic the doctors follow up with patients either through phone calls or the internal encrypted email system. And all messages usually contain clearly stated information: full name, position at the clinic/job title, call back number, and reason for the call. All things HIPPA allows considering I gave them my number and indicated they could leave messages.
The other major red flag came with the second statement in the messages; “Doctor Smith* gave me your information.” Normally when a doctor is going to pass my information to someone else they inform me first. They are very clear as to whom they are sending the information to, the reasons why, and the name of the person. That is so I know whom to expect a call from. Or whom I need to call when they don’t get back to me within a few days. That didn’t happen in this case. Not even when I mentioned the calls to him.
It all reminded me of a scene from the movie “Identity Thief”. The thief calls up the victim and pretends to be from a credit monitoring service. She tells him his information has been stolen and he just needs to verify full name, social security, and address over the phone with her to get his identity back:
A call from someone claiming to be from a doctors office wanting to urgently go over information can be scary. It can pull at our emotions and make us gasp as to what could be wrong. So, yes we need to find out as soon as possible, make appointments, and confirm our information over the phone. However, if we take a deep breath and think for a moment we can see the red flags. The parts of the story that don’t make sense. And then take action to find out if they actually are who they are claiming. We all need to be on guard.
Here are just a few tips:
- Don’t answer calls from numbers and/or names you do not recognize.
- The IRS, your states Department of Revenue, etc., will not contact you by phone, email, or in person first. They send an official letter.
- Make sure passwords are different; especially for banking, medical, etc.
- If your password is; or resembles, “Password”, “1234”, popular characters/celebrities name; change it immediately.
- Make a habit of changing passwords every so often
- Set up two factor authentication
- Remember the security question answer can be anything. So even though the question asks, “what color is the sky?” You can answer it with anything you want.
*Disclaimer: The doctors name has been changed, and the conversation summarized.