A fraud scheme that appears to target the federal tax returns of doctors and other health care professionals has affected several hundred people in several states, including at least 35 doctors in Maine.
Gordon Smith, executive vice president of the Maine Medical Association, said Thursday that his organization expects to hear from more physicians whose Social Security numbers have been used to file fraudulent returns and whose refunds have been stolen.
“It has heated up in the last couple weeks, but we really don’t know where the breach is coming from so I’m not sure how many more are out there,” Smith said.
The fraud also appears to have hit medical professionals besides doctors.
Nancy Johnson, a retired nurse from Cape Elizabeth, said she filed her taxes with H&R Block on April 9 and her accountant told her to expect a nice refund.
“Then I got a call saying the return didn’t go through. Someone had already filed with my Social Security number,” Johnson said.
Medical professionals in several other states apparently have been affected by the same scheme.
On Wednesday, New Hampshire’s U.S. Sen. Jeanne Shaheen called on the Internal Revenue Service and the Secret Service to investigate more than 100 cases of tax fraud against doctors in her state and 40 in neighboring Vermont.
The North Carolina Medical Society says it has heard from at least 100 health care professionals who believe that tax returns were fraudulently filed in their names and that their refunds were diverted.
Nick Knowlton, virtual chief information officer for Symquest, one of the largest information technology firms in northern New England, said he has seen news stories about this fraud scheme. He said the fact that the scam spans several states suggests that the data likely originated from some sort of national or federal database.
Smith, with the Maine Medical Association, said it would be hard to determine which database might have been the source of the breach. Maine physicians’ personal information is in dozens of databases.
Smith expects the number of people affected to rise, partly because many doctors file for tax deadline extensions. Those doctors may not find out until this summer or fall whether their identities have been stolen.
Regardless of where the breach occurred, Knowlton said, it’s a good idea for businesses, especially health care businesses, to take steps to ensure the safety of their digital records.
“There is a lot of valuable data that is stored on medical networks, so that makes them a prime target,” he said.
Matt Paul, a spokesman for Maine Medical Center in Portland, the state’s largest hospital, said a handful of doctors there have been affected.
“We don’t believe this is a local thing,” he said. “We’ve done a forensic evaluation of all of our data systems and don’t believe that any of our systems have been breached.”
Johnson, the retired nurse, has not worked for Maine Medical Center in about 20 years, but still receives a small pension. She said she thinks that could be how her information got compromised.
“I’m always careful,” she said. “I shred all documents that have my information and I don’t give my Social Security number out often.”
Smith said the IRS doesn’t appear to have the resources to combat the problem before people are defrauded. In 2012, the IRS gave out almost $4 billion in false tax return payments.
“These are obviously very sophisticated crimes, but it doesn’t appear that the IRS is equipped to identify obvious false returns when they are filed,” he said.
Peggy Riley, regional spokeswoman for the IRS, said there has been a noticeable increase in fraudulent returns this year but many returns are flagged before refunds are sent.
Since 2011, Riley said, the IRS has halted 15 million suspicious returns and protected more than $50 billion in refunds. The agency processed about 147 million individual tax returns last year and issued more than $333 billion in refunds.
“Identity theft starts outside of the tax administration system when someone’s personal information is stolen or lost,” she said in a prepared statement. “Identity thieves may then use a taxpayer’s identity to fraudulently file a tax return and claim a refund. Identity theft is one of the fastest growing crimes nationwide, and refund fraud caused by identity theft is one of the biggest challenges facing the IRS.”
From 2011 to 2013, the number of fraud investigations initiated by the IRS increased from 276 to 1,492.
Taxpayers who are defrauded eventually receive their refunds, but anyone who is counting on one may have to wait several months while the IRS confirms who the real taxpayer is and disburses the money.
Knowlton, with Symquest, said hackers are always on the lookout for unprotected data systems, and small practices are the most susceptible because many don’t spend a lot of money and effort to protect their information.
“The best thing you can do is put preventative measures in place,” he said. “One breach could put a small practice out of business.”
Smith said all of the doctors he has corresponded with about the tax fraud scheme have taken it in stride.
“I’m amazed at how calm they have been,” he said. “I guess (identity theft) is just part of the world we now live in.”
“More and more records are becoming electronic, and it’s not just medical records,” he said. “The same goes for the banking industry. The more paperless we become, the more risk we assume.”
Johnson, the retired nurse, said she’s still waiting for her refund.
She said she will continue to be cautious about buying goods online or sharing information.
“I’m not paranoid,” she said. “But I don’t want to be checking my bank accounts every day either.”
Eric Russell can be contacted at 791-6344 or at: