Healthcare Data Breaches—Who’s Been Affected and What Can You Do?


What’s your biggest concern about visiting your doctor? For many, it’s the chance of facing needles. In this era of electronic medical records, however, that concern may be shifting to how your health records and personal information is being managed.

According to the Department of Health and Human Services, since 2009 the data of more than 120 million people has been compromised in over 1,100 separate breaches at organizations handling protected health data. In 2015 alone, breaches occurred at some of the more well-known organizations like Anthem, Premera Blue Cross and the UCLA Health System.

Anthem, the nation’s second-largest health insurer, announced in February 2015 that hackers broke into a database containing personal information from 80 million records. Then in March 2015, the health insurer Premera Blue Cross reported that it was the victim of a cyberattack that exposed medical and financial data of 11 million customers. Finally, in July 2015, UCLA Health System reported a data breach that affected 4.5 million consumers. The organization also reported that the breach had gone undetected since September 2014. For more information on all breaches of unsecured protected health information affecting 500 or more individuals, the Department of Health and Human Services keeps a running report that can be accessed through the Department’s breach portal.

With your health records and personal information at risk, what can you do? We’ve included a list of tips below to help keep your personal information secure if you’ve been impacted by a data breach:

1. Set up a credit freeze or fraud alert through Experian, TransUnion and Equifax. With a credit freeze, no one can check your credit without your permission, and with fraud alerts, anyone checking your credit reports (such as credit card company) is notified that you’ve been a victim of identity theft so they’ll conduct additional background checks before extending credit.

2. Change passwords and login usernames for all social, financial and personal sites, or just sign up for a password manager that offers features such as strong password generation and security notifications.

3. Enable 2-step authentication whenever it is offered, as a simple second step that provides additional security for your accounts. For example, you can have a login code sent to your phone via text. Here’s how you can set it up with Password Boss.

4. Notify each credit card that you’ve been the victim of a data breach, and set alerts on your credit cards for unusual charges such as charges from out of the country, charges over a certain amount, etc.


While healthcare data breaches are now simply a reality that consumers need to face, if you are the victim of a healthcare breach keep these important next steps in mind in order to prevent further damage and protect yourself.