Several years ago, a thick envelope landed in my mailbox. Its return address was that of the hospital where I’d been receiving treatment. Upon opening the envelope, I was horrified that it contained not only my own medical records, but those of twelve other patients, along with our insurance claims. For some unknown reason, the hospital had put my address on the envelope instead of the claims processor’s address.
I promptly called the hospital to report the erroneous mailing and was instructed to destroy the records, which included patient names, addresses, and their own detailed health information. Several months later, I received a letter from the hospital offering me a year’s worth of free credit protection because of their mistake. What did the hospital do beyond that to secure these wayward records? Nothing. They took my word for it that I'd destroyed the mailing. What if those records had gotten into the hands of someone who wasn't diligent and trustworthy?
Since then, my ears prick up every time I hear of a healthcare data breach, the most recent being at a local hospital where two employees stole patient data to open up cell phone and credit card accounts, as well as exposed data from 15,000 patients, including sensitive medical and financial information and their Social Security numbers. One of my co-workers has already been informed her personal information was exposed and, like I, she received a letter from the hospital offering her free credit protection for a year.
After reading about this latest data breach, I asked our resident online security expert what members can do on their own to protect their personal details and financial information when they’ve fallen into the wrong hands.
“First thing: notify us immediately,” said Scott Heinz, Hanscom FCU’s Assistant Vice President of Digital Strategy. “Even if your financial information with us wasn’t directly affected by the breach, we can put some flags on the account to ensure everyone here is aware of what's happening.”
You should also call every other financial institution you do business with and do the same with them.
Next, he advised doing a full system scan of your computers to make sure they’re not infected with malware, which can further compromise your personal information and financial data. “You should be doing this anyway,” Heinz said, “ideally every day. If you’re not, do a scan now and set up your system to run scans during the night.”
Concurrently, start changing passwords on all of your sensitive online accounts. This includes:
- Your email addresses
- Social networks like Facebook, Twitter, and LinkedIn
- Companies and retailers like Amazon, eBay, Apple, WalMart, PayPal, etc.
- Financial institutions
- Cell phone accounts
- Video, photo, and entertainment sites like Flickr, Netflix, Hulu, Pandora, and YouTube
- Government and tax preparation websites (IRS, Intuit, 1040.com, Healthcare.gov)
- Employment and healthcare (benefits accounts, healthcare reimbursement, insurance coverage)
- Cloud storage (Dropbox, Evernote, etc.)
- Password Managers
- Other sites of personal interest
Heinz pointed out that because so many institutions use their customer’s cell phones as an authentication method for account access, it’s extremely important to contact your cell phone company to let them know your personal information has been compromised.
“Once a criminal has access to your personal information, they may be able to convince your cell phone carrier to redirect your calls and texts to another number,” he said. “Then the criminal can receive the security codes they’ll need to break into your other accounts with multifactor authentication.” Along with contacting your cell phone provider, you’ll want to make sure you’ve changed your cellphone password and that your phone can only be accessed with a PIN or your fingerprint.
Heinz’s last piece of advice: Even if you haven’t been affected by a data breach, be proactive. Hanscom FCU offers credit and debit Mastercards, which come with Mastercard ID Theft Protection™ at no additional cost. He said, "Once you sign up, you can register all your other credit cards, your driver’s license, your passport, and all your personal details like your Social Security number and email addresses. It’s a really, really neat program, and if you are ever affected by a security breach, they’ll help you get replacements and guide you through the process of cleaning up the mess.”