Over 900,000 hit in massive healthcare data breach — names, addresses and Social Security numbers exposed online

Hackers and especially ransomware gangs have been on a rampage targeting and attacking healthcare organizations this year. Now, one of the largest dialysis providers in the U.S., DaVita, has fallen victim to a massive healthcare data breach.

As reported by Comparitech, the kidney dialysis company DaVita has revealed that it suffered a data breach earlier this year when hackers gained unauthorized access to servers, primarily located in its laboratories.

While DaVita became aware of this security incident in mid-April, the hackers behind the attack first gained access to its systems on March 24. In that time, they stole all sorts of sensitive personal, financial and medical data.

DaVita hasn’t come out and said which hackers are responsible, but after news of the breach was made public, the Interlock ransomware gang took credit for the attack, claiming it managed to steal 1.5TB of data including 683,104 files and 75,836 files, according to a previous report from Comparitech.

Whether you, a family member or someone you know gets dialysis treatment at one of DaVita’s centers, here’s everything you need to know about this latest data breach along with some tips on how you can stay safe and what to do now.

Exposed personal and medical info

Now that the dust has settled and DaVita has carried out a full investigation into the security incident, the company has begun sending out data breach notification letters to affected individuals.

According to DaVita’s latest notice (PDF), the following patient data was stolen in the breach:

  • Names
  • Addresses
  • Dates of birth
  • Social Security numbers
  • Health insurance info
  • Medical info (conditions, treatments and test results)
  • Tax ID numbers
  • Images of checks made out to the company

It’s worth noting that the types of stolen data are different for all impacted individuals. While some people may have had all of the data listed above stolen in the breach, this may not be the case for everyone.

How to stay safe after a data breach and what to do next

If you or someone in your household gets dialysis treatments at DaVita, then chances are you may have received a data breach notification letter in the mail or one is on its way out to you.

Inside this data breach notification letter, you can find out exactly what data on you was exposed as a result of the breach. You’re also going to want to hold onto this letter, as DaVita is providing free access to one of the best identity theft protection services for a set amount of time.

I say this as the sample data breach notification letter (linked above) that I looked at doesn’t say a specific time frame but usually, companies provide access to one of these services for either 12 or 24 months. Don’t worry though, as your own letter will definitely include the exact timeframe.

In this case, DaVita is offering impacted individuals access to Experian IdentityWorks. While we haven’t reviewed this particular identity theft protection service yet, it is considered a reliable and worthwhile service. Inside your data breach notification letter, you’ll find a code which you can use to activate your IdentityWorks subscription. However, you will need to do so by November 28th of this year if you wish to claim this free offer.

If your Social Security number or other stolen data is used to commit fraud or identity theft, IdentityWorks has experts standing by to help you regain any lost funds or to restore your identity. In fact, the plan offered by DaVita includes up to $1 million in identity theft insurance.

Besides signing up for this identity theft protection service, you’re also going to want to keep a close eye on your financial accounts for signs of fraud and if you’re really worried, you can also freeze your credit so that hackers or scammers with your stolen information can’t take out loans in your name.

Likewise, you’re going to want to be extra careful when checking your inbox, text messages and even when answering the phone. The reason is that your stolen information could be used in targeted phishing attacks.

In addition to DaVita, the Interlock ransomware gang has also gone after other healthcare organizations in previous data breaches including Texas Digestive Specialists, Kettering Health and Naper Grove Vision Care back in May. Given that the pace and scope of the group’s attacks seem to be increasing, I don’t see them slowing down anytime soon.



Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 
