Search
Close this search box.

It is Time to Take Data Breaches Personally

DCIG has written extensively about the steps that technology providers and corporations should take to protect the data that is entrusted to them. This article is different. This article is addressed to you as a private individual about the steps that you personally should take to reduce the likelihood of financial harm associated with the epidemic of cybersecurity incidents in which personally identifiable information was not adequately protected from cybercriminals.

It is Time to Take Data Breaches Personally

YayImages 57349650 portrait of one beautiful and offended child girl cropped

Sometimes, people try to avoid blame by saying, “Don’t take it personally” after doing or saying something hurtful. Unfortunately, many organizations have not adequately protected sensitive information. It is time to take data breaches personally.

If you live in the United States and take prescription medications, there is a significant chance that your data was compromised in the Change Healthcare/United Health Group cyberattack. According to UnitedHealth Group’s own April 22, 2024 press release, “Based on initial targeted data sampling to date, the company has found files containing protected health information (PHI) or personally identifiable information (PII), which could cover a substantial proportion of people in America.”

Nebraska Attorney General’s Office Issues Consumer Alert Regarding Change Healthcare Data Breach

I live in Nebraska, and our Attorney General believes the financial risks are significant enough that on May 24, 2024, the Attorney General’s Office issued a Consumer Alert regarding the Change Healthcare data breach. The consumer alert warns consumers to take action to prevent potential identity theft.

The following information is drawn from that consumer alert, with my observations inline.

Take Action to Protect Yourself from Change Healthcare Data Breach Fraud

“Change Healthcare has not yet notified Nebraska consumers about the data breach. The Nebraska Attorney General’s Office is concerned that a delay in notifying consumers will impact consumers’ ability to be proactive and protect themselves from further harm. The following information is provided to help consumers take proactive steps to protect their data. 

It is likely that many Nebraskans’ data was compromised, including protected health information (PHI) and personally identifiable information (PII), both of which can include identifiers such as names, phone numbers, email addresses, Social Security numbers, medical record numbers, and payment information. 

Actions Recommended by the Nebraska Attorney General

If you have been affected or suspect that you have been affected, here are four steps you can take to protect yourself:

Step 1: Request new credit cards

Photo of vandalized mailbox.
Vandalized Neighborhood Cluster Mailbox. Photo by Timothy Pfannenstiel.

Contact your credit or debit card company and request a replacement card for any payment methods you have used in hospitals and other medical institutions.

DCIG ANALYST VIEW: I wonder if flooding the credit card companies with requests for new cards might create some risks of their own. For example, thieves in our community are vandalizing neighborhood cluster mailboxes, stealing mail before the intended recipients can retrieve it.

If you decide not to request new credit cards, you certainly should follow the attorney general’s advice in step 2.

Step 2: Review statements

Review your banking and card statements and report any suspicious activity to the relevant financial institutions.

DCIG ANALYST VIEW: We should all do this every month as part of basic financial hygiene.

Step 3: Request a credit freeze

Request a credit freeze from Equifax, Experian, and TransUnion. When your credit is frozen, new lines of credit may not be opened in your name without you temporarily lifting the freeze. All consumers, regardless of impact, should consider freezing their credit to prevent credit fraud. A freeze should not stop you from using your existing credit cards or other accounts, but it may slow down opening new credit lines. 

If you are freezing your credit, you will need to contact all three major credit reporting agencies: 

DCIG ANALYST VIEW: This is a smart one-time step that anyone not planning on taking out new loans or opening new credit card accounts can take to reduce the impact of a future identity theft incident.

Step 4: Request and review your credit reports

You can request a free credit report on a weekly basis from www.annualcreditreport.com or by calling toll-free 877-322-8228. It is important to review the reports carefully. Look for accounts you did not open, inquiries from creditors that you did not initiate, and confirm that your personal information, such as your home address and Social Security number, is accurate. 

If you see anything you do not understand or recognize, call the credit reporting agency at the telephone number on the report. You should file an identity theft affidavit online at www.identitytheft.gov. Keep a copy of the affidavit because you may need to give copies to creditors to clear up your records or to access transaction records.

A consumer guide dedicated to preventing Identity Theft is available on the Nebraska Attorney General’s website, ProtectTheGoodLife.Nebraska.gov.

DCIG ANALYST VIEW: Reviewing your credit report weekly should not be necessary once you have placed a credit freeze with all three credit reporting agencies. The agencies recommend reviewing your credit reports from all three agencies at least once a year. In addition, it is a good idea to review your credit report at least 60 days before a planned major purchase or move, since resolving a credit report dispute can take 30-45 days.

Concluding Remarks

Protect yourself. Those of us who live and breath enterprise technology and data protection or who serve as senior executives in corporations are surely already aware of the rash of cybersecurity and ransomware incidents and are seeking ways to reduce the threat to our organizations. But even we may have failed to consider and act to protect ourselves from the failures of others to protect the sensitive data that we have entrusted to them. It is time to act.

Tell a friend. I was also surprised to learn that many people in my social circles had not heard about these incidents and their possible impact on themselves. So ask your family and friends if they know about the data breaches and the actions they can take to reduce their risk.

Protect other people’s data. Finally, whether you work for a technology provider or other business, please take the initiative to protect the data that others have entrusted to you. Enhance your organization’s cybersecurity posture, including its ability to defeat, discover, mitigate, and recover from cyberattacks.

KEEP UP-TO-DATE WITH DCIG

To be notified of new DCIG articles, reports, and webinars, sign up for DCIG’s free weekly Newsletter.

To learn about DCIG’s future research and publications, see the DCIG Editorial Calendar.

Technology providers interested in licensing DCIG TOP 5 reports or having DCIG produce custom reports on their behalf, please contact DCIG for more information.

Share
Share

Click Here to Signup for the DCIG Newsletter!

Categories

DCIG Newsletter Signup

Thank you for your interest in DCIG research and analysis.

Please sign up for the free DCIG Newsletter to have new analysis delivered to your inbox each week.