More than 80,000 people had their personal information compromised by a security breach at Aventura Hospital, the third such incident at that facility in the past two years.
According to the hospital, no medical information was exposed. However, the true extent of a data breach is not always clear at the outset.
Recommended Videos
Personal health information is extremely valuable to cyber-criminals, who will pay much more for a stolen medical record than they will a valid credit card number, even though the latter can be turned quickly into cash. And the risk of a stolen medical record is not just financial.
If someone else uses your medical identity, it pollutes your lifetime medical records. In the future, that could lead to a misdiagnosis based on bad information, a prescription mistake or other inappropriate treatment. For example, you could be allergic to penicillin, but your medical record might say you'd successfully received treatment with that drug. In an emergency care situation this could cost you your life.
There are five things you should do right away if you have reason to believe your medical information has been compromised:
1. Accept credit monitoring services.
If the organization that compromised your information offers these services, take them. Credit monitoring can help alert you early to suspicious activity involving some of your financial accounts. Unfortunately, traditional credit monitoring services do little to help the victims of medical identity theft. These services only monitor financial transactions, with no visibility into a victim's medical ID. That's why it's very important to follow step No. 2.
2. Carefully read and understand the "Explanation of Benefits" forms that come in the mail to ensure you actually received the services listed.
Scan all insurance or other medical information with a careful eye. Pay special attention to providers you don't recognize or treatments that don't sound like the care you have actually received.
3. Be on high alert for phishing emails, texts or phone calls.
Now that some your information has been compromised, scammers or thieves could contact you for additional personal or financial information by email, text message or phone call. Using a bit of information to establish trust and pull more sensitive data from you is called "social engineering." Don't respond to these messages or links. Legitimate organizations and companies will never ask for this information via unsecured channels.
4. Update your accounts and passwords.
Many people use the same password -- or variation of it -- for everything: unlocking their smartphone, accessing their bank accounts or logging into Facebook. Varying your passwords -- using a combination of letters, numbers and symbols -- and changing them periodically can minimize potential damage.
5. Contact government agencies to place a "flag" on your file.
Putting a flag on your file will help keep an eye out for unusual account activity, suspicious documents and alerts from law enforcement. Some entities have more formal processes for flagging you in their systems than others, but it never hurts to ask.
Bob Gregg is the CEO of ID Experts, a firm that works to return victims of medical identity theft back to pre-theft status. Bob brings 30 years of general management, financial and public company experience to ID Experts having previously served as CEO, CFO and EVP with several technology companies.
Prior to ID Experts, Bob was the founding CFO at Sequent Computer Systems and took the company public prior to an acquisition by IBM. He currently serves on the board of trustees of the OHSU Foundation and the board of the Oregon Sports Authority.