On May 20, 2022, Alameda Health System (“AHS”) reported a hacking or “IT incident” that breached AHS email. At this time, it is unknown what information was accessed or may have been downloaded by the hacker.
No Data Breach Notice with more details has yet to be reported by the California Attorney General’s Office, nor does anything appear to have been posted yet on AHS’s website. However, California state laws require data breach reporting to the Attorney General’s Office when over 500 individuals are affected by a data breach, so we expect to see more details reported.
According to the HHS reporting, 90,000 people were affected by this email breach.
For a free privacy consultation fill out the form below or call us at 1-844-BREACH8 (1-844-273-2248).
This is the second data breach reported by Alameda Health System within the past 2 years.
What Personal Information Is At Risk?
We are in the process of investigating this cyber event, and details of the data access or stolen have not been released at this time, but, in our experience, in these situations it can include the following:
- Dates of Birth
- Social Security Numbers
- Driver’s License numbers
- Medical Information
- Health Information
- Health Insurance Information
- Financial Account Numbers
We will update this story as we learn more information.
Special California Privacy Laws Protect You
If you are a California resident, the California Confidentiality of Medical Information Act (CMIA) requires that every health care provider who maintains medical information do so in a manner that preserves its confidentiality. Participants in data breach lawsuits can recover damages, injunctive relief (to make sure that the business has reasonable security practices to protect consumer data from being leaked again), and anything else the court concludes is necessary to compensate data breach victims and prevent these harms from reoccurring.
Under the CMIA, if your medical information maintained by AHS was accessed or disclosed during this AHS hacking incident, compromising its confidentiality, you may be entitled to $1,000 and your actual damages resulting from the negligent release of your confidential information.
As Personal Data Doesn’t Degrade, Identity Theft Services, Credit Monitoring, and Other Credit Protections May Be Required to Prevent Identity Theft
Cyber crimes present an attractive target for hackers: Data can be bought and sold anonymously, and the going rate per personal record is estimated to be in the range of $20 per record, depending on the type of information (according to Privacy Affairs Dark Web Index of 2021).
Medical records and health insurance information are even more valuable, as that data can potentially provide access to expensive health care along with other forms of identity theft. Particularly with data such as Social Security Numbers, cyber thieves may choose to wait years to capitalize on compromised personal data. The longer cyber thieves can go undetected, the more they stand to profit from their illegal activities.
Not every data breach will lead to identity theft. But once you know your data has been disclosed, it is reasonable to be concerned that your data will be used to cause you significant financial losses. Compromised data also increases the risk of hacking, phishing, and increased anxiety over future losses and identity theft.
Steps You Can Take To Protect Yourself If Your Personal Information Has Been Compromised
- Purchase credit monitoring services
- Order and review your credit reports – you are entitled to one free report from Experian, TransUnion and Equifax annually
- Review your account statements regularly for suspicious activity
- Place a “fraud alert” with one of the three major credit bureaus
- Place a “security freeze” on your credit report
- Secure legal representation
What Is The Difference Between A “Credit Freeze” and A “Fraud Alert”?
A credit freeze the strongest step you can take to prevent fraudulent accounts being opened under your name. A credit freeze prevents a credit bureau from sharing your information with others. You can put a credit freeze in place with each of the three major credit bureaus by using the following links: Equifax, Experian, and Transunion.
If you put on a credit freeze, no one will be able to open new credit accounts in your name. You can still use your active credit cards with a freeze in place. It costs nothing to put a credit freeze in place, lasts indefinitely, and will not affect your credit score.
However, if your credit card information has been compromised, a credit freeze will not prevent a cyber-thief from making purchases with your stolen card. Cancelling the card and getting a new card with a different number is the only way to stop such transactions from taking place.
You can also place a fraud alert on all of your credit reports. Fraud alerts are free and are a flag for potential credit providers that you may have been a victim of identity theft. They allow you to apply for new credit cards and other forms of credit without having to unfreeze your account.
Fraud alerts can last one to seven years, and can be lifted by you at any time. Once you put a fraud alert in place at one credit bureau, it will alert the other two for you. You can put a fraud alert in place with any of the three major credit bureaus by using the following links: Equifax, Experian, and Transunion.
We Can Help You Exercise Your Rights Under California Law
Experienced data breach and class action attorneys can help you exercise your rights, evaluate your options, and decide whether you should seek compensation under the CMIA. There are no out of pocket costs to you, as we only get paid if we prevail.
If you have used the services of AHS and are concerned about this breach and what your options are, simply fill out the following form or call us at 1-844-BREACH8 (1-844-273-2248).