17 million healthcare records hacked so far this year. Is yours one?
If you do business with CVS Caremark or have a Medicare account, you would be smart to change your credentials sooner rather than later. In the wake of the cyberattack on UnitedHealth Group's Change Healthcare, CyberScoop reports that both of those may be in the line of fire.
The cybercrime ring behind the Change theft notchy claims it stole 4 terabytes of data in that hack, including information on "tens of insurance companies and others," including data from CVS Caremark, Medicare,Loomis, Davis Vision, Health Net, MetLife, and Teachers Health Trust data, and TRICARE.
This may be a revenge move by notchy because it claims it was left out of the $22 million ransom payment UnitedHealth reportedly made to affiliate BlackCat/ALPHV.
You can't be too careful
Whether notchy follows through on its threat or not, you still can't be toocareful.
"The leakage of such sensitive data not only poses a direct threat to the privacy and security of millions of beneficiaries but also has broader implications for national security," people who researched the situation for Menlo Security, said.
However, the full determination of what was stolen has yet to be officially made. Aspokesperson for CVS Caremark told Cyberscoop that "Change Healthcare has not confirmed whether any member or patient information it holds, including CVS Health and CVS Caremark, was affected by this incident at this time."
And United?
Were determined to make this right, the company posted on its website. "UnitedHealth Group continues to make progress in mitigating the impact to consumers and care providers of the unprecedented cyberattack on the U.S. health system and the Change Healthcare services while continuing to expand financial assistance to affected providers.
Healthcare provider hacks are through the roof
United, CVS, and Medicare may be the ones headlining this story, but theyre far from the only ones. Since the beginning of 2024, the U.S. Department of Health and Human Services Office for Civil Rights Breach Portal details more than 17 million healthcare-related records reported as hacked, stolen, etc.
The five largest of the healthcare providers or health plans hit were:
-
Emergency Medical Services Authority (Oklahoma) with 611,743 individuals affected
-
Group Health Cooperative of South Central Wisconsin, 533,809
-
Otolaryngology Associates, LLC (Indiana), 316,802
-
Aveanna Healthcare (Georgia), 65,482
-
Ezras Choilim Health Center, Inc. (New York), 59,861
Time to clean up your act
It's crucial to remember that some of the possible impacts are speculative. Investigations are ongoing, and the full extent of the breach may not yet be clear. However, if what the hackers claim is true and they decide to start selling the data, the snowball effect could be great.
Exposed health information is a prime target for identity theft and related fraud as it contains lots of personally identifiable information (PII). Social Security numbers, birthdays, addresses, emergency contacts, and all thestuff weve been filling out on those medical forms could fall into the wrong hands.
Changing your information after the theft won't prevent its misuse, but revisiting what PII you've given your healthcare provider might save your information from being abused in a future incident.
You should also go to the HSS website that has all the recent data breaches and search to see if your healthcare provider has been involved in a breach. If theywere, the agency suggests you may want to verify the information in your medical record, and/or ask for that information to be corrected. You can do that by requesting a copy of your of your health information and/or requesting an amendment to your health information.
The original headline of this story suggested CVS Caremark was a victim of a hack. It was not.
Photo Credit: Consumer Affairs News Department Images
Posted: 2024-04-10 20:00:29
