Update: Alameda Health System Notifies Approximately 90,000 Patients About 2-Year Data Breach
▸ New Details About What Personal Information is at Risk
On June 24, 2022, Alameda Health System (“AHS”) began notifying approximately 90,000 affected patients and other individuals that certain personal information may have been accessed by unauthorized third parties.
AHS reported to the California Attorney General’s Office that email accounts of several AHS employees have been accessed without AHS becoming aware of this breach for almost 2 years — from May 2020 to March 2022.
What Personal Information Is At Risk?
According to the Data Breach Notice provided to affected individuals, this egregious breach may have involved the following personal information:
- Date of birth
- Patient ID
- Clinical or treatment information
- Health insurance or claims information
- Social Security number
- Driver’s license number
Protect Your Rights Under California Law
Under the California Confidentiality of Medical Information Act (CMIA), if you received a notice that your medical information was accessed or disclosed during this hacking incident, you may be entitled to $1,000 and any actual damages resulting from the negligent release of your confidential information.
Experienced data breach and class action attorneys can help you exercise your rights, evaluate your options, and decide whether you should seek compensation under the CMIA.
On May 20, 2022, AHS reported a hacking or “IT incident” that took place as a result of breached AHS internal emails.
California state laws require data breach reporting to the Attorney General’s Office when over 500 individuals are affected by a data breach.
According to the HHS reporting, 90,000 people were affected by this email breach.
This is the second data breach reported by Alameda Health System within the past 2 years.
Special California Privacy Laws Protect You
If you are a California resident, the California Confidentiality of Medical Information Act (CMIA) requires that every health care provider who maintains medical information do so in a manner that preserves its confidentiality.
Participants in data breach lawsuits can recover damages, injunctive relief (to make sure that the business has reasonable security practices to protect consumer data from being leaked again), and anything else the court concludes is necessary to compensate data breach victims and prevent these harms from reoccurring.
Under the CMIA, if your medical information maintained by AHS was accessed or disclosed during this AHS hacking incident, compromising its confidentiality, you may be entitled to $1,000 and any actual damages resulting from the negligent release of your confidential information.
As Personal Data Doesn’t Degrade, Identity Theft Services, Credit Monitoring, and Other Credit Protections May Be Required to Prevent Identity Theft
Cyber crimes present an attractive target for hackers: Data can be bought and sold anonymously, and the going rate per personal record is estimated to be in the range of $20 per record, depending on the type of information (according to Privacy Affairs Dark Web Index of 2021).
Medical records and health insurance information are even more valuable, as that data can potentially provide access to expensive health care along with other forms of identity theft. Particularly with data such as Social Security Numbers, cyber thieves may choose to wait years to capitalize on compromised personal data. The longer cyber thieves can go undetected, the more they stand to profit from their illegal activities.
Not every data breach will lead to identity theft. But once you know your data has been disclosed, it is reasonable to be concerned that your data will be used to cause you significant financial losses. Compromised data also increases the risk of hacking, phishing, and increased anxiety over future losses and identity theft.
Steps You Can Take To Protect Yourself If Your Personal Information Has Been Compromised
- Purchase credit monitoring services
- Order and review your credit reports – you are entitled to one free report from Experian, TransUnion and Equifax annually
- Review your account statements regularly for suspicious activity
- Place a “fraud alert” with one of the three major credit bureaus
- Place a “security freeze” on your credit report
- Secure legal representation
What Is The Difference Between A “Credit Freeze” and A “Fraud Alert”?
A credit freeze the strongest step you can take to prevent fraudulent accounts being opened under your name. A credit freeze prevents a credit bureau from sharing your information with others. You can put a credit freeze in place with each of the three major credit bureaus by using the following links: Equifax, Experian, and Transunion.
If you put on a credit freeze, no one will be able to open new credit accounts in your name. You can still use your active credit cards with a freeze in place. It costs nothing to put a credit freeze in place, lasts indefinitely, and will not affect your credit score.
However, if your credit card information has been compromised, a credit freeze will not prevent a cyber-thief from making purchases with your stolen card. Cancelling the card and getting a new card with a different number is the only way to stop such transactions from taking place.
You can also place a fraud alert on all of your credit reports. Fraud alerts are free and are a flag for potential credit providers that you may have been a victim of identity theft. They allow you to apply for new credit cards and other forms of credit without having to unfreeze your account.
Fraud alerts can last one to seven years, and can be lifted by you at any time. Once you put a fraud alert in place at one credit bureau, it will alert the other two for you. You can put a fraud alert in place with any of the three major credit bureaus by using the following links: Equifax, Experian, and Transunion.