Technology
Hackers are bypassing fingerprint scanners to steal your identity
Fingerprint sensors have been around for quite some time, and they’ve become a standard feature in most smartphones. Apple introduced Touch ID on the iPhone 5s in 2013. Since then, it has appeared on 12 major iPhone models (and some iPads as well).
Though Apple removed it from most phones after the iPhone 8, it’s still found in the iPhone SE series. On the flip side, almost every Android phone on the market has a fingerprint scanner. But are fingerprint scanners impossible to bypass? Frank from Deerton, Michigan, asked a similar question that I want to highlight and address because it helps all of us:
“Can a website be hacked/compromised with password and fingerprint protection (multiple verification)?”
I get what you’re saying, Frank. You’d think that since a fingerprint scanner literally requires your fingerprint, it couldn’t be bypassed. But you’d be wrong. While fingerprint scanners are generally more secure than facial recognition and passwords, they’re not foolproof. In fact, there are several ways bad actors can bypass them to steal your identity.
Join The FREE CyberGuy Report: Get my expert tech tips, critical security alerts and exclusive deals — plus instant access to my free Ultimate Scam Survival Guide when you sign up!
A smartphone on a table (Kurt “CyberGuy” Knutsson)
5 ways bad actors can bypass fingerprint scanners
There are multiple ways hackers use to bypass fingerprint scanners. Below, I will discuss five of the more prominent methods.
1. Masterprints and DeepMasterPrints
Hackers exploit the concept of “masterprints,” which are fingerprints engineered to match multiple individuals’ prints. Researchers at NYU Tandon developed “DeepMasterPrints” using machine learning to generate synthetic fingerprints that can deceive sensors by mimicking common fingerprint features. These artificial prints can match with a significant percentage of stored fingerprints, especially on devices with less stringent security settings.
2. Forged fingerprints using 3D printing
Another trick hackers use is making fake fingerprints. They can lift prints off things you’ve touched and then use stuff like fabric glue or even 3D printers to make molds. For example, researchers at Cisco Talos tried out a bunch of different ways to do this using 3D printing and tested them on phones like the iPhone 8 and Samsung S10; laptops like the Samsung Note 9, Lenovo Yoga and HP Pavilion X360; and even smart gadgets like padlocks.
On average, the fake fingerprints worked about 80% of the time. They were able to fool the sensors at least once. Interestingly, they couldn’t crack the biometric systems on Windows 10 devices, but they pointed out that doesn’t necessarily mean those are more secure. It just means this particular method didn’t work on them.
19 BILLION PASSWORDS HAVE LEAKED ONLINE: HOW TO PROTECT YOURSELF
3. Brute force attacks via BrutePrint
Attackers have found a cheap way to break into smartphones by brute force fingerprint authentication. The method, called BrutePrint, lets attackers get around the usual limits that stop too many failed fingerprint attempts. It works by taking advantage of two previously unknown flaws in the fingerprint system. These flaws, named Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL), exist because of weak protection for fingerprint data on a part of the hardware called the Serial Peripheral Interface (SPI).
Basically, BrutePrint uses a hardware-based man-in-the-middle attack to hijack fingerprint data. It sits between the fingerprint sensor and the phone’s secure area (called the Trusted Execution Environment) and tries as many fingerprint images as needed until it finds a match. The relieving part is that the attacker needs to have physical access to the phone for this method to work.
4. Side-channel attacks with PrintListener
PrintListener is a side-channel attack that captures the sound of a finger swiping on a screen to extract fingerprint features. It might sound like something out of a sci-fi movie, but researchers have already built a proof of concept. By analyzing the friction sounds, attackers can reconstruct fingerprint patterns, potentially enhancing the effectiveness of masterprint attacks.
5. Exploiting unsecured fingerprint data storage
Some devices store fingerprint data without adequate encryption. If attackers gain access to this unprotected data, they can replicate fingerprints to bypass authentication. For example, in 2024, a misconfigured server exposed nearly 500 GB of sensitive biometric data, including fingerprints, facial scans and personal details of law enforcement applicants.
Image of a smartphone (Kurt “CyberGuy” Knutsson)
TOP 20 APPS TRACKING YOU EVERY DAY
So, can you trust fingerprint scanners?
Fingerprint scanners make it easy and fairly secure to unlock your devices. Since everyone has unique fingerprints, you don’t need to remember complicated passwords. Just a quick touch and you are in. Most modern devices store your fingerprint data in secure parts of the system, and they use things like liveness detection to make sure someone is not trying to trick the scanner with a fake finger.
Still, no security method is perfect. Skilled attackers have found ways to get past fingerprint scanners using high-resolution photos or 3D-printed fingers or by taking advantage of flaws in how the scanner communicates with the rest of the device. The risk really depends on how well the scanner is designed and how much effort someone puts into breaking it. For most people, fingerprint authentication is quick, easy and secure enough. However, if you are dealing with very sensitive information, relying only on biometrics might not be the best idea.
HOW TO REMOVE YOUR PERSONAL INFO FROM PEOPLE SEARCH SITES
A person using a fingerprint for security verification purposes (Kurt “CyberGuy” Knutsson)
10 SIMPLE STEPS TO IMPROVE YOUR SMARTPHONE’S SECURITY AND PRIVACY
6 ways to protect your fingerprint data
Safeguard your biometric identity with these essential security measures.
1. Choose trusted phone brands: If you’re buying a phone, stick with well-known brands like Apple, Samsung or Google. These companies take extra steps to protect your fingerprint data by storing it in secure areas of the phone that are harder to access. Cheaper or lesser-known brands may not have these protections, which makes it easier for attackers to steal your data.
2. Keep your phone updated: Phone updates are not just about new features. They fix security problems that hackers might use to break into your device. If your phone asks you to install an update, do it. Most phones also let you turn on automatic updates, so you don’t have to worry about remembering. Keeping your software updated is one of the easiest and most important ways to stay protected.
3. Use strong antivirus software: Install strong antivirus software to detect malware that could compromise biometric data storage. Strong antivirus software offers real-time threat detection, anti-phishing and privacy features to block unauthorized access to fingerprint data. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
WHAT IS ARTIFICIAL INTELLIGENCE (AI)?
4. Don’t rely only on your fingerprint: Using a fingerprint to unlock your phone is convenient, but it shouldn’t be your only line of defense, especially for sensitive apps like banking or email. Always set up a PIN, password or pattern as a backup on your iPhone and Android. This way, even if someone manages to copy your fingerprint, they still need another piece of information to get in.
5. Be careful about who handles your phone: If someone else uses your phone, especially a stranger or someone you don’t know well, they might be able to copy your fingerprint from the screen. It’s rare, but it happens. To reduce this risk, avoid handing your phone to people unnecessarily and wipe your screen occasionally to remove any clear fingerprints.
6. Only use fingerprint login with trusted apps: Not every app that asks for your fingerprint is trustworthy. It’s safest to use fingerprint login only with apps from known and reliable companies, like your bank, phone manufacturer or email provider. If an unfamiliar app asks for fingerprint access, it’s better to skip it and use your password instead.
7. Consider using a personal data removal service: Even fingerprint scanners can be bypassed, and large amounts of personal and biometric data have been exposed in breaches. Using a personal data removal service helps reduce your risk by removing your sensitive information from public databases and data broker sites, making it harder for hackers to piece together details that could be used to steal your identity. Check out my top picks for data removal services here.
Get a free scan to find out if your personal information is already out on the web.
WHAT HACKERS CAN LEARN ABOUT YOU FROM A DATA BROKER FILE
Kurt’s key takeaway
Passwords are generally easier to hack than biometric data like fingerprints or facial recognition. However, the key difference is that passwords can be changed if they’re compromised. Your biometrics cannot. Most modern devices allow both options, and biometrics can offer an extra layer of security by making it harder for someone else to access your phone or apps. They’re also fast and convenient, since you don’t need to remember or type anything. That said, in most cases, your device still falls back on a password or PIN when biometric identification doesn’t work, so both systems often go hand in hand.
With the increasing sophistication of methods to bypass fingerprint security, what should companies be doing to stay ahead of these threats and better protect user data? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Ask Kurt a question or let us know what stories you’d like us to cover
Follow Kurt on his social channels
Answers to the most asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
Technology
Google turns old phones into cloud servers
NEWYou can now listen to Fox News articles!
That old phone sitting in your drawer may have more life left in it than you think. You may look at it and see a dead battery, an outdated camera or a screen that no longer feels worth using. Google and researchers at the University of California San Diego see something else: a tiny computer that may still have useful processing power.
Their idea is called phone cluster computing. Instead of treating retired smartphones as electronic waste, researchers remove the motherboard and redeploy it as part of a low-carbon computing system.
Google says UC San Diego plans to launch a data center built from 2,000 Pixel smartphones in fall 2026. The goal is to provide low-cost cloud computing for students and researchers while reducing the need for newly manufactured server hardware.
That means the next chapter for an old phone may not be a junk drawer. It may be a server rack.
YOU COULD GET PAID FROM GOOGLE’S ANDROID DATA LAWSUIT
Researchers plan to launch a 2,000-phone data center at UC San Diego in fall 2026 to support students and research workloads. (Kurt “CyberGuy” Knutsson)
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
What is phone cluster computing?
Phone cluster computing takes retired smartphones and turns their core hardware into a computing platform. The process starts by stripping each phone down to the motherboard. That board holds the processor, memory and storage. The display, battery, cameras, chassis and other phone-specific parts are removed.
That step is important because a full phone does not belong in a data center. Batteries can create safety issues. Screens and cameras waste space. The motherboard is the part that still offers computing value.
Once the board is removed, researchers load a general-purpose Linux system onto it. Android already runs on Linux at its core, but Android is built for mobile apps and personal devices. A data center needs something more flexible for cloud workloads. After that, the phone boards can be grouped into clusters. Many small boards then work together like a collection of tiny servers.
Why Google wants old Pixel phones for cloud computing
The AI boom has created a huge appetite for computing power. Data centers need more chips, more electricity and more cooling. At the same time, billions of phones fall out of use around the world.
This Google-backed project takes that conversation in a different direction by asking whether some useful computing can come from hardware we already made.
The project focuses on embodied carbon. That means the emissions created before a device ever turns on. Mining, manufacturing and shipping all add to that carbon footprint.
If a phone motherboard already exists, reusing it can avoid some of the environmental cost tied to manufacturing new hardware. Google says the motherboard accounts for about half of a phone’s embodied carbon, which makes it the most valuable part to recover.
How retired smartphones become low-carbon servers
You cannot plug a pile of old phones into a rack and call it a data center. The process requires careful teardown, new software and a way to manage many boards at once. Google says the project uses containerized applications managed by Kubernetes. That helps coordinate the work across many devices.
The phones are organized into self-managing clusters of about 25 to 50 boards. Each board works as a small Linux machine. Together, they can handle tasks that would otherwise run on traditional cloud servers. That does not make one phone equal to one server. A server has many more processor cores, more memory and data center-grade hardware. A phone board has fewer resources and tighter limits. Still, some jobs do not need a giant machine. They need enough compute to run efficiently without wasting resources.
GOOGLE ENGINEER STOLE AI SECRETS FOR CHINA, SENATE HEARS IN EXPLOSIVE TESTIMONY
Google and UC San Diego are testing a cloud computing system built from retired Pixel phone motherboards, giving old smartphones a possible second life. (Google)
Can old phone processors handle cloud workloads?
The technical case is stronger than you may expect. Google says the single-threaded performance of modern smartphone performance cores can match or beat the per-core performance of some modern multicore servers. In one comparison, a 2023 Pixel Fold was tested against an ASUS RS720A-E11 server using SPEC benchmarks. The Pixel Fold’s performance cores beat the baseline data center server core on many of the tests. That sounds impressive, but there is an important catch.
A smartphone board has a smaller memory limit and fewer cores. It also lacks the management tools and hardware durability that servers are built around. So the project needs the right workloads.
UC San Diego is starting with educational and research computing. That makes sense because many classroom tasks can run on small cloud instances. Google says early experiments showed that a 20-phone cluster could support peak submission rates for a class of more than 75 students. The grading latency also came in below the default AWS backend used in the comparison.
Why UC San Diego is testing a 2,000 Pixel phone data center
UC San Diego plans to use the 2,000-phone cluster to support computer science classes and research workloads. Google says the deployment could support about 100 classes at once. It also describes the system as providing about 50 server-equivalents worth of compute at a fraction of the usual cost.
For a university, that could be a major advantage. Cloud computing costs can rise quickly, especially when many students submit assignments at the same time. If a reused phone cluster can handle some of that load, schools may save money while reducing demand for newly manufactured servers.
This also gives researchers a chance to test phone-based computing at scale. A small lab demo can look promising. A 2,000-board deployment will show much more about reliability, maintenance and day-to-day performance.
Phone cluster computing still has big limits
Phone cluster computing sounds promising, but it still has a lot to prove. Your smartphone was made for daily use in your hand, not nonstop work inside a data center. Data center servers are built to run for years with steady cooling, fast repairs and constant monitoring. Phone motherboards come from devices made for pockets, backpacks and kitchen counters. That alone raises some big questions.
The boards could fail faster than expected. Cooling may also become a challenge once thousands of tiny processors run side by side. Then there is the labor problem, because someone has to safely remove batteries, screens and other parts before the boards can be reused. Cost will be the deciding factor. If teardown, maintenance and replacement work get too expensive, this idea may stay in the research lab.
Phone clusters also will not replace the massive GPU systems that power advanced AI training. They make more sense for smaller cloud jobs, classroom tools and research tasks that fit within smartphone hardware limits. That still leaves plenty of useful work. After all, not every cloud task needs the newest chip.
Why old smartphones could help cut e-waste
The world’s e-waste problem is growing fast. The Global E-waste Monitor projects that electronic waste could climb to 82 million tonnes by 2030, while formal collection and recycling rates are expected to fall to 20%. Old phones are a big part of that problem because many never make it to a proper recycling program. They sit in drawers, land in closets or get tossed out with valuable parts still inside. Even when a phone no longer feels useful to you, its processor, memory and storage may still have work left to do.
CyberGuy has covered related second-life ideas before, including old smartphones being turned into tiny data centers and repurposed EV batteries helping power AI data centers. The common theme is hard to ignore. Some of the hardware already in circulation may still have useful work left to do.
FIVE DATA BROKER OPT-OUT MYTHS THAT LEAVE RETIREES EXPOSED
Google says reusing smartphone motherboards could cut hardware waste and reduce the carbon cost of building new data center servers. (Yawar Nazir/Getty Images)
How to safely recycle or reuse your old phone
This research does not mean you should toss your old phone into a random donation bin tomorrow. Before you recycle, donate, trade in or sell an old phone, you need to protect your data. Back up anything you want to keep. Then sign out of your accounts and securely wipe the device.
CyberGuy has a helpful guide on how to securely get rid of your old cell phone. Privacy comes first whenever you part with a device.
You can also consider trade-in programs, certified refurbishers or reputable electronics recycling programs. If the phone still works, buying refurbished can also keep devices in use longer. CyberGuy has covered what to know before buying refurbished electronics, which is helpful if you want to save money without taking a gamble. The key is to avoid letting old devices sit forgotten forever. A phone in a drawer helps no one.
What this means to you
That old phone in your drawer may not be as useless as it looks. Even if the battery is tired or the camera feels outdated, the processor inside may still have real value.
Now, you probably will not be mailing your old phone to a Google data center anytime soon. Still, this project points to a bigger shift in how we think about retired tech. Instead of sending every old device straight to recycling or letting it collect dust, companies, schools and researchers may find smarter ways to reuse the parts that still work.
There is also a money lesson here. If your current phone still runs well, you may not need to rush into an upgrade just because a newer model comes out. A battery replacement, trade-in or refurbished option could save you money while keeping perfectly good hardware in use longer. To me, that is the real takeaway. The phone you forgot about could possibly still have a job to do.
Watch the CyberGuy Live replay: Lock Down Your Phone in 30 Minutes
Your phone holds your email, passwords, photos, banking apps and personal data. In this free CyberGuy Live replay, Kurt the CyberGuy walks you step by step through simple phone security fixes you can do at your own pace. You’ll learn how to improve your privacy settings, spot the latest phone scams, use trusted security tools and walk away with a simple checklist to stay protected. Watch the replay and get our checklist here: CyberGuyLive.com.
Kurt’s key takeaways
Google and UC San Diego are testing how to turn retired Pixel phone motherboards into a low-carbon cloud computing platform. The project could give old smartphones a second life while reducing the need for newly manufactured servers. That is important as AI data centers keep demanding more computing power and more electricity. The first major test is expected in fall 2026 with a 2,000-phone data center at UC San Diego. If it works, the cluster could support students and researchers at a lower cost than traditional cloud infrastructure. However, this idea still has to prove it can handle the grind of daily use. Reliability, cooling, teardown labor and maintenance will determine whether phone cluster computing can grow beyond just research. To me, the most relatable part is sitting in your junk drawer. That old phone may seem useless, but its processor could still be powerful enough to help run cloud jobs. Maybe the future of computing starts with hardware we already forgot we owned.
Would you feel good knowing your old phone could help power cloud computing? Let us know by writing to us at CyberGuy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
Technology
Google’s Nest Thermostat has hit its best price of the year
If you’re looking for a relatively affordable way to cut down on cooling costs, Google’s Nest Thermostat can help. It’s packed with smart controls and energy-saving features, and right now it’s on sale in white for $79 ($50 off), which is its best price of the year, at Amazon.
The smart thermostat is quick to install and makes it easy to adjust your home’s temperature whether you’re relaxing in bed or on your way home thanks to the Google Home app. You can also create schedules and control it with your voice using Google Assistant, Alexa, or another Matter-compatible voice assistant.
Once it’s set up, the Nest Thermostat can automatically turn the temperature down when you’re away to help reduce unnecessary energy use, while Google’s Savings Finder feature suggests additional ways to save over time. It also monitors your HVAC system and can alert you if something doesn’t seem right, making it easier to stay on top of maintenance before small issues become bigger, more expensive ones. If you’re eligible, Nest Renew can also automatically shift some of your heating and cooling to times when electricity is cleaner or cheaper.
That said, this is Google’s entry-level model from 2020, so you do miss out on some of the premium features found on the latest Nest Learning Thermostat. Unlike the flagship version, it won’t learn your schedule automatically over time, for example, and lacks support for Nest Temperature Sensors that let you prioritize the temperature in a specific room. Even so, if all you want is an easy way to adjust your home’s temperature remotely and potentially lower your energy bills, the Nest Thermostat is still a solid investment at this price.
Technology
Medical identity theft follows you into the doctor’s office
NEWYou can now listen to Fox News articles!
The Justice Department recently charged 455 people in its annual National Health Care Fraud Takedown. The cases involve more than $6.5 billion in alleged false claims. More state Medicaid units took part than in any prior year. Ninety of the accused are doctors or other licensed medical professionals. The DOJ says prosecutors still must prove the charges in court.
Many schemes used other people’s medical identities. Prosecutors also added aggravated identity theft charges in cases across dozens of states. In one case, the co-owner of a Virginia mental health company allegedly paid homeless people with hotel stays. Prosecutors say the company used their Medicaid numbers, then billed Medicaid for crisis services the patients never got.
For the people whose numbers got used, the case file may eventually close. Their medical records may not be so easy to fix. Once someone else’s treatment shows up under your name, it can add wrong information to your chart. It can also use up insurance benefits you may need later. That is harder to undo than canceling a credit card.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
DR OZ WARNS MEDICARE SCAMMERS ARE STEALING BILLIONS — AND YOUR PERSONAL INFORMATION COULD BE NEXT
Medical identity theft can put someone else’s claims, prescriptions or diagnoses into your health records, creating problems that can follow you into a doctor’s office. (iStock)
The identity thief’s treatment gets written into your file
Medical identity theft happens when someone uses your name, Social Security number (SSN), health insurance account number, or Medicare number to see a doctor, fill a prescription, buy medical equipment, or submit a claim, according to the Federal Trade Commission (FTC).
When care is billed under your name, the thief’s health information can blend into yours. The FTC warns that mixed records can affect the care you’re able to get and the benefits you are able to use. A blood type, a drug allergy, a diagnosis, or a prescription that belongs to a stranger can sit in the file a physician reads before treating you.
Data breaches can feed the market for medical identity theft
Hospitals and insurers hold the exact records that make the fraud work, and those records are stolen often. This does not mean every healthcare breach leads to fraud. However, it explains why your insurance number, Medicare number, SSN and medical records can become valuable long after a breach notice arrives.
This spring, NYC Health + Hospitals reported that an intruder had copied files that may have included health insurance information, medical information, biometric data, billing data and other personal information. The breach was later reported to affect roughly 1.8 million current and former patients and employees.
Once a name, SSN, insurance number, Medicare number or medical record reaches a criminal marketplace, it can be resold to operators who bill under someone else’s identity.
Treat your insurance card like a credit card
Your health insurance and Medicare numbers are what these operations need, so the FTC recommends guarding them the way you would a payment card.
- Keep enrollment forms, benefit statements, and prescription labels somewhere secure, and shred them before throwing them out.
- When a doctor’s office asks for your SSN, ask whether it can use another identifier or the last four digits instead.
- Be wary of anyone who calls, texts, or emails offering free braces, genetic tests, or medical supplies in exchange for your Medicare number; several of the schemes in the June takedown billed Medicare for exactly those items.
- If you are on Medicare, create or log in to your secure Medicare account and review your claims. You can also check your Medicare Summary Notice for services, supplies or equipment you do not recognize. If something looks wrong, call 1-800-MEDICARE.
HOSPICE FRAUD USES STOLEN IDENTITIES FOR FAKE PATIENTS
Experts urge patients to treat insurance cards like credit cards and quickly challenge unfamiliar medical bills, claims or benefits notices. (iStock)
Your credit report may never flag this fraud
Because a fraudulent medical claim runs through insurance and provider systems instead of a credit check, it skips the alerts most people rely on.
Here’s what the FTC says you should look out for:
- A bill or an Explanation of Benefits (EOB) statement for care you never received
- A call from a debt collector about a medical debt you do not owe
- A medical collection you do not recognize on your credit report
- A notice from your insurer that you have reached your benefit limit
- A Medicare Summary Notice that lists services, supplies or equipment you never received
What to do first if a medical claim looks wrong
If a bill, EOB or Medicare notice shows care you never received, move quickly and keep everything in writing.
1) Call your insurer or Medicare directly
Call your insurer or Medicare using the number on your card, not a number from a random text, email or voicemail.
2) Get the claim details
Ask for the provider name, date of service, claim number and service details.
3) Request the records in writing
Contact the provider in writing and request the medical or billing records tied to that claim.
4) Report the error
Report the error to your insurer’s fraud department.
5) File an identity theft report
File a report at IdentityTheft.gov if your medical identity was used. That gives you a recovery plan and documentation you may need if fraudulent bills or collections show up later.
6) Save every document
Keep copies of every bill, EOB, letter, portal message, police report and case number.
Correcting a medical file is slower than disputing a charge
Request your records from every provider, clinic, pharmacy, lab and insurer the thief may have used, then report each error in writing. Under HIPAA, a provider generally has 30 days to give you access to your records after a written request, with a possible 30-day extension.
Fixing the record itself can take longer. HHS says a covered provider or health plan usually has up to 60 days to act on a request to amend a medical record, with a possible 30-day extension in certain cases. If the provider or plan created the wrong information, it must amend inaccurate or incomplete information.
There’s one catch, though: a provider may refuse to release records that now contain a stranger’s information, citing that person’s privacy. If that happens, ask for the provider’s privacy officer or patient advocate. You can also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you do not get your records or an explanation within the required window.
TEXAS DATA BREACH HITS 3M LICENSE CUSTOMERS
Stolen Medicare, Medicaid or insurance numbers can be used to bill for care, medical equipment or prescriptions patients never received. (kali9/Getty Images)
A credit freeze alone won’t stop a claim under your insurance
A freeze blocks new accounts, but it does nothing about a claim filed with your insurance number. Because medical identity theft can move without touching your credit file, monitoring where your personal information appears is the earliest way to act on it.
An identity theft protection service can monitor the dark web, data broker sites and people-search sites for exposed SSNs, driver’s license numbers, medical ID numbers and email addresses. It can also track all three credit bureaus for medical collections that may follow and flag public-record changes tied to your name.
If misuse happens, some services include fraud resolution support to help you request records, dispute fraudulent claims and work with providers, insurers and credit bureaus. Some plans also include identity theft insurance for eligible recovery costs.
No service can prevent every misuse of your medical identity. However, ongoing monitoring may flag exposed information before another person’s treatment reaches your records and your insurance.
See my tips and best picks on Best Identity Theft Protection at CyberGuy.com.
Kurt’s key takeaways
Medical identity theft hits in a place most of us rarely check: our health records. A stolen credit card can usually be canceled quickly. A stolen Medicare or insurance number can create fake claims, wrong diagnoses and benefit headaches that follow you long after the fraud case ends. I would not wait for a credit alert here. Check your EOBs, Medicare Summary Notices and insurer portals for visits, prescriptions or equipment you never received. Also, treat your insurance card like a payment card. Do not give the number to anyone who calls, texts or emails out of nowhere with a free offer. The most important thing is to act fast. Call your insurer or Medicare, ask for the claim details and request your medical records in writing. Then file at IdentityTheft.gov, so you have the paperwork you need if fraudulent bills or collections show up later.
Have you ever spotted a medical bill, insurance claim or EOB for care you never received? Let us know by writing to us at CyberGuy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
-
Health6 minutes agoParasitic infection causing ‘explosive’ stomach illness exceeds 1,000 cases in northern state
-
Sports8 minutes agoLondon descends into disorder as Morocco fans flood streets after World Cup elimination by France
-
Technology13 minutes agoGoogle turns old phones into cloud servers
-
Business21 minutes agoWaymo is starting robotaxi service in San Diego
-
Entertainment23 minutes ago‘Children of Blood and Bone’ author won’t see film after feud with star Amandla Stenberg
-
Lifestyle28 minutes agoAfter her son’s death, she found a new purpose. ‘He’s whispering: Mom, this is your path’
-
Politics36 minutes agoIran ceasefire is ‘over,’ Trump says, and orders additional strikes
-
Science38 minutes agoDiarrhea-causing cyclosporiasis exceeds 1,000 cases in U.S. What Californians should know