If you’re a consumer and you believe there has been a healthcare data breach, you should take the following steps:
- Identify the Breach: Determine what information was involved and how the breach occurred, if possible.
- Contact the Affected Healthcare Provider or Business: Reach out to the healthcare provider or the business where the breach occurred to report your concerns and obtain more information.
- Report to the Federal Trade Commission (FTC): If the breach involves electronic personal health records, you should report it to the FTC.
- Notify Other Affected Parties: If your financial information, such as credit card or bank account numbers, has been compromised, notify the financial institutions so they can monitor your accounts for fraudulent activity.
- Visit IdentityTheft.gov: Use this resource to create an individualized recovery plan based on the type of information exposed. Your report will be entered into the Consumer Sentinel Network, a database available to law enforcement agencies.
- Monitor Your Accounts: Keep an eye on your financial statements, credit reports, and any explanation of benefits from your insurance company for any irregular activity.
- Consider Additional Steps: Depending on the information exposed, you may want to place a credit freeze on your credit report or take other steps to protect yourself from identity theft.
- Stay Informed: Follow any guidance provided by the healthcare provider or business that experienced the breach. They should inform you about their response to the breach and any steps you should take.
- Understand Your Rights: Familiarize yourself with the laws that protect your data privacy, such as the Health Insurance Portability and Accountability Act (HIPAA), the FTC Act, and the Health Breach Notification Rule.
- Contact Your State Attorney General: If you’re not satisfied with the response from the healthcare provider or business, or if you need further assistance, you can contact your state attorney general’s office for help.
Remember, healthcare providers and businesses that handle personal health information are required by law to notify affected individuals in the event of a data breach. They must also report significant breaches to the HHS and, in some cases, to the media.