An estimated 4 million Chicago-area healthcare patients may be at risk for identity theft due to a privacy breach at an Illinois company called Advocate Health Care. In July, Advocate Health Care suffered a theft of four computers that held private patient information such as Social Security numbers, addresses and dates of birth — everything a scammer needs to commit identity theft and ruin a victim’s good name and credit.
While the data stored on Advocate Health Care’s computers is password protected, none of the hard drives were encrypted, meaning anyone with a bit of computer knowledge can access it and wreak havoc on the approximately 4 million patients. Their private information, not to mention their health records, could be used for identity theft or sold to the highest bidder for other malicious purposes.
In addition to this huge privacy breach, Advocate Health Care is facing a class action lawsuit. Let’s take a look at what happened and see what’s in store for the patients involved.
Thieves Steal Unencrypted Patient Data
It all started back in July 2013. Four computers were stolen from one of Illinois’ largest healthcare providers, Advocate Health Care. A vast database of customer Personally Identifiable Information (PII) was stored on these computers. At least the computers were password protected, right?
Patient names, addresses, DOBs, and SSN were stolen.
Well, in this case, password protection isn’t enough. None of the data on the stolen computers was encrypted. This means that any scammer or identity thief who knows just a little bit about computer hacking can bypass the passwords and access the files anyway.
Naked Security explains why this password-protected patient data is still at risk:
In theory, then, if you were to put the hard disks into another computer, or boot the “protected” computers from a CD or USB key, you would almost certainly be able to copy off any or all of those four million records.”
In essence, the data is stolen and easily accessible. Advocate Health Care is facing a serious class action lawsuit in response.
The real question is: how much data was stolen and how sensitive is it?
4 Million Patients Face Identity Theft Risk
Patients expect healthcare providers to guard their private information very carefully. A class action lawsuit is pending against Advocate Health Care over this privacy breach.
The stolen information wasn’t just names and DOBs. Social Security numbers were involved and, as we know, a stolen or leaked Social Security number can expose victims to a number of problems.
In the wrong hands, criminals could open up bank accounts, take out loans, and basically assume the identity of the person tied to the SSN.
In response, Advocate Health Care is providing patients with a year of free credit monitoring service. Credit monitoring services keep an eye on your financial transactions carried out in your name and help you spot fraudulent activity on your accounts.
But Advocate is still being sued in a class action lawsuit. Here’s what the plaintiffs’ chief lawyer had to say:
“In this age of advanced technology, Advocate had to realize that its unorthodox methodology for maintaining important and private data posed a risk to safety and security of their patients.”
Given the severity of this security breach, it’s no wonder that consumers have grouped together to pursue legal action against Advocate Health Care. While a year’s worth of identity monitoring is a good first step, unfortunately identity theft can often occur several years after the initial privacy breach and result in serious long-term problems.
Protect Your Identity
If you’re ever worried that something like this could happen to you, protect yourself with a few precautions. Be proactive and educate yourself about the potential damage identity theft can cause — know how to fix the situation before it happens.
To start, be mindful of the information you readily give out. Your SSN is something you should only give out when absolutely necessary.
Second, keep an eye out for breaches of any services that have your information. Third, keep an eye on your credit report. You’re allowed to check your credit report at www.AnnualCreditReport.com for free, once every 12 months.
Follow these steps and you’re en route to protecting your identity. To learn how to protect yourself after your identity is stolen, watch our helpful video right here.
See Also
Are You at Risk? How to Protect Yourself from Health Scams
How To Deal with a Security Breach and Protect Your Private Info
What Should You Do if Your Identity is Stolen? 3 Important Tips for Identity Theft Damage Control
Leave a Reply