When Florida resident Charles McElwee posted on December 7, 2021, an online advertisement promising “Medicare data for sale,” he was not joking. His price: 12 cents a file, a minimum buy of 5,000 files ($600). While it may appear to not be a big deal, medical theft is lucrative. A fraudster can use personal information like a Medicare number to access medical care for their own personal care or to file false claims on your behalf to make money. Heck, they can even do both. Any way you look at it, the McElwee’s ease in gaining Medicare identities is one small reason that Medicare and Medicaid fraud has now become a $100 billion problem.
Starting in July, 2021, McElwee used data mining and social engineering techniques to obtain Medicare Beneficiary Identifiers (BMII) and other personal information that he subsequently advertised and sold online. The information that he gathered included beneficiary names, addresses, dates of birth, Social Security numbers, and Medicare beneficiary identification numbers. McElwee, on December 14, 2021, registered a company called Lead Junkies with the state of Florida.
McElwee’s emails and bank records shows that he bought many of the BINs from fellow fraudsters purporting to be in the Philippines. McElwee repeatedly advertised his bargain basement fraud deals, selling and distributing thousands of BINs to fraudsters in the United States and globally. In one such sale on April 5, 2021, McElwee gave a buyer a bargain, selling the BINs of 83,000 people for $8,000. Overall, McElwee sold 2.6 million BINs and made $310,000. Such a a small amount compared to the cost of damage to the victims and the taxpayers.
Great job by the Department of Health and Human Services.
Today’s Fraud of the Day is based on article “Florida Man Pleads Guilty in Medicare Beneficiary Identifier Trafficking Case” published by HIPAA Journal on March 6, 2023
The Department of Justice has announced one of its first prosecutions under the Medicare Access and CHIP Reauthorization Act of 2015 in a case involving the theft and sale of Medicare Beneficiary Identifiers.
The Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) required the Centers for Medicare and Medicaid Services (CMS) to remove Social Security numbers from all Medicare cards as part of an effort to prevent fraud, combat identity theft, and safeguard taxpayer dollars and replace them with Medicare Beneficiary Identifiers. MACRA also made it illegal to buy, sell, or distribute Medicare Beneficiary Identifiers without proper authority.