The parade of data breaches at major health care providers continues as I predicted in my USA Today column last December. Here is a link to that column. http://www.usatoday.com/story/money/personalfinance/2014/12/20/cyber-hack-data-breach/20601043/
The present data breach is of the UCLA Health System and it may have been going on undetected since September of 2014 until recently being discovered. The information that may have been compromised is a treasure trove of data for identity thieves. It included names, Social Security numbers, medical records, ID numbers and addresses on 4.5 million people. But, as I always say, things aren’t as bad as you think — they are worse. The stolen data was totally unencrypted making the threat to the people in the UCLA Health Systems computers more serious.
Medical identity theft can not only result in your financial life being threatened. The mixing of medical records of the victim of the identity theft with the medical records of the identity thief utilizing the medical insurance can potentially be deadly, such as when a person might receive the wrong blood type in a transfusion or a drug to which they may be seriously allergic. Again, compounding the problem, it can be extremely difficult or even impossible to remove the identity thief’s medical information from the victim’s medical records after the problem has been discovered due to quirks in the medical privacy laws.
If you are one of the people affected by this data breach, UCLA will be notifying you by regular mail and will explain your options. They will not be notifying people by email or text messages so if you receive such a communication, you should not click on any links contained in the email or text message because they have been sent by an identity thief as a phishing email attempting to lure you into downloading malware by clicking on the link.
Those people affected will be offered free credit monitoring for a year. They also should monitor their financial and medical insurance accounts carefully for early indications of fraud. Putting a credit freeze on their credit reports would also be a good step to take. You can find more information about credit freezes here in the Scamicide archives.
Here is a link to a press release by UCLA which describes the data breach and your options.