If you have a health savings account (HSA), you may be one of many people who treat it like a savings account or an inactive checking account where you do not check your balance or withdrawals frequently. But your HSA may be an attractive target for fraudsters, and you need to protect it.
DataBreaches.net has heard that fraudsters are now targeting HSAs by using stolen identity information that enables them to change the password on HSA accounts and then transfer funds out of the account. In at least some cases, funds from HSAs have reportedly been transferred to Green Dot cards that were opened in the HSA account holder’s name. Once the funds are transferred to the Green Dot card or any other prepaid card opened in the victim’s name, the funds can be used by the criminals without raising any flags because the card is in the same name as the HSA holder.
There have not been a lot of reports of this type of fraud, but it may be an emerging attack method. So even though your HSA may not be an account you would have checked routinely, treat it like you would your checking account or debit card: if you don’t notify the issuer in a timely fashion of any fraudulent activity, you may not be able to recover any stolen funds.
And while you’re at it, see what security measures are available to you to protect your account. Are you using a strong password? Have you limited the amount of any single transaction? What other protections do you have in place?
And if any reader has experienced HSA fraud or has a family member who has been a victim of fraudulent activity involving their HSA, please email me.