Back in June, the electronic medical records company Medical Informatics Engineering (MIE), based in Fort Wayne, reported that it had been the victim of a data breach the month prior. The cyber attack involved the health records of approximately 4 million patients. A follow-up investigation that month revealed that the scope of affected people may also include a number of IU employees enrolled in medical plans offered by the company’s subsidiary, NoMoreClipboard.
Margie Smith-Simmons, a spokeswoman for the university, tells SecurityInfoWatch that as a result of the compromised records at NoMoreClipboard and MIE, IU employees may have had their names, birth dates, addresses, phone numbers and health plan names stolen by hackers. Additionally, IU staffers that had set up healthcare accounts for dependents — such as spouses and children — may have had even more personal information stolen, including usernames, passwords and Social Security numbers.
The university’s Human Resources department notified employees about the data breach in a June 12 email, and then again last month. Additionally, NoMoreClipboard has reached out to affected IU employees about their risk for identity theft. As of yet, none of the school’s employees have reported any fraudulent charges on their credit accounts or misuse of their private information. Additionally, the university declined to specify how many of its staff members may have been compromised in the breach, other than to indicate that it was “a broad population of IU employees [who] were impacted (not limited to IU-Bloomington) and consists of employees enrolled in IU-sponsored medical plans.”
Stories like these are becoming all too frequent reminders of the wide-reaching consequences of a data breach. We often think of identity protection as a practice for personally ensuring that your private data is safeguarded: maintaining unique passwords across different online accounts, setting privacy settings on social media platforms, only giving out Social Security numbers when absolutely necessary and rigorously credit monitoring for dubious and potentially fraudulent activity.
But in this case, and so many others like it, there was nothing that the victims could have done. Whether it’s enrolling in a company health plan, submitting necessary personal information on a job application or swiping a credit card at a department store, there are so many unavoidable actions we engage in on a daily basis that leave us vulnerable to ID theft whether we have a say in it or not.
You can’t always control what you need in life — not everyone has the resources where they can comfortably and affordably go without a health plan, for example. Rather than avoid every necessary service we may need on a day-to-day basis just out of fear they may someday be hacked, you can take more proactive steps on your own, such as signing with a credit monitoring service . This crucial resource can study your credit file for any suspicious activity and alert you in the event that potential evidence of fraud has occurred under your name. From there, you can take further steps, such as filing a fraud alert with your bank or issuing a credit freeze on your accounts, to stop identity thieves in their tracks.