On June 10, Medical Informatics Engineering, an Indiana-based medical software company, disclosed a hack of personal and medical information. The breach affected 3.9 million consumers nationwide, many of whom had probably never heard of this company before.
Why? Because third party data breaches, like the Medical Informatics Engineering breach, often become part of a massive chain event.
Both Medical Informatics Engineering’s main network and its NoMoreClipboard network were compromised by the attack. These networks handle patient information from the 44 radiology centers and 11 healthcare providers that utilize Medical Informatics Engineering’s third party services.
Exposed information may include patient names, dates of birth, phone numbers, addresses, email addresses, usernames, hashed passwords (hashing is a form of encryption), security questions and answers, Social Security numbers, medical information, health insurance and policy information, spousal information and children’s names and birth statistics.
This data may be used to perpetrate identity crimes against those exposed — including identity theft and fraud.
On the surface, the breach appeared to be rather centralized — primarily impacting consumers of healthcare centers in Indiana and Ohio — where Medical Informatics Engineering conducts most of its business. However, as with any third party vendor breach, it only takes one major client to push a data breach to critical mass.
In this case, Concentra, a Texas-based Urgent Care facility, was that catalyst. Concentra has locations in 38 states and utilizes Medical Informatics Engineering’s services to handle their medical records.
Initial reports had estimated that only 1.5 million Indianans were impacted by the Medical Informatics Engineering breach. Now, with nationwide figures that cover all of its clients, it’s easy to see how much impact just one piece of the puzzle can have.
Third party vendors are becoming a hot topic in risk management. They are hard for companies to supervise and they hold a plethora of sensitive data on behalf of their clients — making them a primary target for skilled hackers.
What’s worse is that it’s hard for consumers to protect themselves from the security lapses of these data giants. Companies work with a variety of third party vendors and many are behind the scenes. This makes it difficult for consumers to conduct effective due diligence when deciding to hand over their information to a company or medical center.
So what should you do?
Medical identity theft and financial fraud are chief consumer fears following this attack. Consumers should take the following actions to mitigate these risks:
- Check your credit report for inaccuracies at AnnualCreditReport.com
- Review medical records/statements for signs of medical identity theft
- Review your Explanation of Benefits (EOB) for unfamiliar medical procedures
- Investigate any unfamiliar medical bills and collection calls
- Discuss your concerns with your healthcare provider and review your files together
- Watch for spam or phishing attempts via phone or email
Read Medical Informatics Engineering’s Data Breach Press Release for more information.
Medical Informatics Engineering will be providing impacted individuals with two years of free identity protection services. Enrollment information will be provided via mail. Do not respond to enrollment offers sent through email; they are likely phishing scams.
For more information on identity crimes and data breaches, please visit FightingIdentityCrimes.com.
The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.