Tips to Protect Your Personal Information

Senior woman calling customer service case management phone

With the increasing threat of medical identity theft, read on for practical tips for safeguarding personal information.

Scammers would like to get their hands on your personal, financial, and health information, so they can use it to impersonate you and commit fraud — including obtaining health care. Medical identity theft is increasing, as criminals become more sophisticated and trick more people into disclosing their confidential information. 

You can fight back by staying vigilant and learning how to keep your data safe. In this article, we’ll show you what to look for and give you tips for protecting your personal information. 

Avoiding Phishing

A common fraud that many consumers fall victim to is called phishing — so named because thieves use fake email or text messages as bait to lure unsuspecting people into giving out their personal information.

Phishing messages usually try to get you to take action, such as clicking on a link, opening an attachment, or calling a phone number. Scammers often make their messages look like they are coming from a company or organization you do business with or trust. They try to sound urgent so that you’ll act quickly without thinking. Some examples include:

  • There’s been suspicious activity with your account
  • Your health coverage has lapsed
  • You’re required to confirm or update information
  • An invoice must be paid immediately
  • You’ve won something or are eligible for a refund

When you receive an unsolicited email or text message, look at it carefully. 

  • Does it have a generic greeting, like “Dear Customer?” 
  • Are there grammar or spelling errors? 
  • Is it trying to get you to do something right away? 
  • Is it requesting personal information? 
  • Does it have links to unfamiliar websites?

These are all red flags that it could be a phishing attempt. Stopping and thinking about it before acting is your best defense.

If you don’t have an account with the company the email or text is supposedly from, the best thing to do is report it via your email provider. You can also forward it to the Anti-Phishing Working Group at 

If you do business with the company mentioned, do not respond to the suspicious email or text. Don’t click on links or open attachments, as those could be malware — software that breaks into or damages your computer. Instead, if you are concerned, go directly to the company website or call the company’s real customer service phone number to inquire. You can find our customer service number on our website or on the back of your member ID card.

Defeating Scam Calls

Fake emails and texts are not the only ways scammers try to steal information. They also make phone calls impersonating representatives of companies, healthcare providers, or government agencies, hoping that you’ll divulge personal information.

If you receive an unsolicited phone call from someone who says they represent a company or healthcare provider, don’t give out any personal information like your credit card number, Social Security number, Blue Cross account number, or Medicare number. 

Some tricks that phone scammers use include:

  • Saying they already have your health information on file and just need you to confirm it. 
  • Telling you that you’re entitled to a refund, and they need a credit card number to send it to you.
  • Threatening that you owe money and need to pay immediately.
  • Asking you for a password so that they can provide technical support.

If you get a phone call like this, it’s best to end the conversation immediately. If someone leaves a voice mail message, don’t call the number they provided as it may go right to the scammer. If you want to check that the reason for the call was legitimate, call the company’s real customer service number to inquire.

Scammers may use technology to try to fool you into answering their call and thinking you’re interacting with a legitimate representative. They put fake names and numbers in the caller ID. Don’t trust what it says on your phone’s caller ID screen.

Please remember that Blue Cross Vermont will never call you to ask for personal information like your Social Security number.

Safeguarding Medical Information

As a Blue Cross member, you’ve probably received information from us in the mail, like your premium invoice or a summary of health plan payments. You may carry your member ID in your wallet or purse. You could have received papers during doctor and pharmacy visits with personal information on them. All of these health care documents need to be safeguarded to ensure that the information remains confidential and out of the hands of medical identity thieves.

  • Shred documents with personal information before discarding. Paper shredders, preferably cross-cutter ones, are inexpensive to purchase — with models available for less than $100. You can bag up the shredded paper and take it to your local recycling center. If you’d rather have someone else do the shredding, companies like SecurShred have events around Vermont where they accept boxes of documents to be shredded.
  • Remove labels from empty prescription bottles and shred them. If you can’t get a label off, use a permanent marker to black out all personal information.
  • Delete data stored on computers and portable devices before selling or discarding the equipment. Use software designed to permanently erase the hard drive, or you can physically destroy it by shredding them via companies such as SecurShred.
  • Before logging into an online account, check that the website is legitimate. Check that the website’s address at the top of your browser is spelled correctly and that the domain is correct (such as .com or .org). Also check to see if the site is secure, such as the URL begins with https.
  • Limit the personal information you share on social media, recognizing that any data you share could be used by other parties or sold. Consider changing your privacy settings to limit who can see your posts, as well as hide your public profile to help prevent cloned account attacks.
  • Review app settings to control how information is collected and shared. Avoid downloading unnecessary apps, especially free ones. Don’t allow apps to access your location data unless it is necessary.

Other steps you can take for improving online data security include:

  • Create strong passwords of at least 12 characters. Use a unique password for each account and change passwords as soon as you are notified that a password may have been compromised. 
  • Password manager software can make this easier — such as LastPass or Dashlane, Apple Keychain, etc. Don’t share passwords with anyone and don’t write them down where other people can see them. Keep written passwords in a secure location. 
  • Take advantage of multifactor authentication (MFA) everywhere it is offered, from social media accounts to shopping, financial, and healthcare sites. This is an extra step which sends an authentication code to your phone or email that must be entered within a limited time to gain access to the account. For extra security, avoid SMS and use an app that safely stores all of your MFA tokens.
  • Be cautious using free wi-fi. While casually browsing on your hospital’s guest wi-fi network should be ok, wait until you are home or on a secure network before doing things like using a credit card or logging into an account. 
  • Use security software such as anti-virus and firewall programs. Keep these up to date and make sure your computer is being scanned regularly.   

What If Your Information is Stolen?

We hope these tips will help prevent your personal, financial, and health information from getting into the wrong hands. To help us fight healthcare fraud, you can regularly check your claims history in our Member Resource Center and let us know if there are any errors, such as services you didn’t receive or prescriptions you didn’t take. 

If you suspect that your health information has been stolen, contact us immediately. Check out our Fraud, Waste and Abuse Program’s webpage for more information. You can also use the Federal Trade Commission’s website to report fraud and identity theft.

Learn more about medical identity theft from the Federal Trade Commission.