|
June 25, 2019 - What can you accomplish over a nine-year period? You could go from high school to graduating with a PhD. There are now programs that can take you from undergraduate to a medical or law degree within that window. John F. Kennedy started a program that put a man on the moon in less time. Oh yea, and if you are Dominion National - a benefit's administrator and provider of vision and dental insurance - you could take that amount of time to discover that you've had an ongoing data breach for that same period of time.
You can't make this stuff up! You can consider this story a tragic comedy. And it raises a lot of questions; not the least of which is just exactly who was running their computer network?
Most people would agree that computing has changed a lot over the last nine years. It's faster than it used to be. Computer coding has had a real focus on data security. And computer networks are now commonly monitored for network intrusion. Apparently, none of that was happening at Dominion National though. If they changed out their computers, they put the same old code on the new models without reviewing it.
According to an article in Health IT Security, someone in the company received an alert about a potential data breach and started an investigation which concluded on April 24th of this year. The investigation determined that an unnamed… and perhaps unknown… party gained access to the company's patient records as early as August of 2010. HIPAA requires that data breaches be reported within 60 days. Since this story just came out, it looks like the company waited until the last possible moment to make their announcement.
The data involved in the breach included everything needed to commit identity theft, medical identity theft and bank fraud. In some cases, the data included bank account numbers and routing numbers. That's all anyone needs to drain your account.
The company is offering anyone receiving a notice two years of credit monitoring. Unfortunately, the victims here will have a life-time of looking over their shoulders to make sure their identities aren't stolen.
Anyone who believes that their data may have been put at risk by this hack should do several things immediately to protect themselves. If you believe that your bank account information was included in the hack, you need to close those accounts and open new ones immediately. The same is true for any credit card numbers you think could have been in the company's possession. It is also highly advisable that victims freeze their credit files with Experian, Equifax and TransUnion. You can do that for free now in all states but you will have to call each of the companies above separately.
Victims also need to closely monitor their bank and credit card statements to fraudulent activity. The same holds true with medical insurance statements.
Finally, victims need to start looking at their credit reports regularly. Everyone is entitled to look at their credit report from each of the companies mentioned above. You can do this for free, one time, every year. If you do each one separately, you can get one every four months. To make these requests, you must contact AnnualCreditReport - this is the only federally authorized agency to provide these to you without any marketing hitch. You can make your request online through their portal, but we strongly discourage that (which is why we aren't linking to them). Their privacy policy is terrible and allows your data to be sold and shared.
The best way to make your request is by phone, which doesn't allow your data to be used for other purposes. You can reach them at 877-322-8228.
byJim Malmberg
Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.
|
Identity Theft 
