Earlier this week, Oklahoma City Indian Clinic (“OKCIC”) announced that it experienced a data breach impacting the names, Social Security numbers and protected health information of certain patients. On May 9, 2022, OKCIC sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Oklahoma City Indian Clinic data breach, please see our recent piece on the topic here.
What We Know About the Oklahoma City Indian Clinic Data Breach
According to a notice posted on the clinic’s website, on March 10, 2022, Oklahoma City Indian Clinic learned of a data security incident affecting its computer system. Believing that the incident may have impacted consumer information in the clinic’s possession, OKCIC enlisted the assistance of a third-party forensic firm to investigate the incident. This investigation confirmed that an unauthorized party was able to access—and potentially retain—sensitive consumer information.
Upon learning of the unauthorized access, OKCIC then sought to identify whether any parties’ sensitive information was contained in the affected files. Subsequently, the clinic completed its review of the compromised files. While the breached information varies based on the individual, it may include your name, date of birth, treatment information, prescription information, medical record, physician information, health insurance policy number, phone number, Tribal ID number, Social Security number, driver’s license number. As many as 38,239 individuals are believed to have been impacted by the OKCIC breach.
On May 9, 2022, OKCIC issued data breach letters to those whose information was compromised in the breach.
What You Can Do After a Data Breach
Falling victim to a data breach may not seem like a big problem at first. Often, there is no immediate harm stemming from someone accessing your personal, financial, or healthcare-related information—at least not that you can see. However, data breaches pose a major risk, and it is important that anyone who learns their information was compromised in a breach takes the necessary steps to protect themselves.
For example, the OKCIC data breach involved very sensitive data such as Social Security numbers and protected health information. Armed with this data, a cybercriminal likely has enough information to steal an individual’s identity. However, by taking certain steps you can reduce the risk of identity theft following a data breach.
Determine What Information Was Leaked – The first step is to closely review the data breach letter to determine what information of yours was compromised. Depending on what information an unauthorized party was able to access informs how you should proceed.
Protect Your Accounts – If the breach affected any account for which you have an online login, you should immediately change your password and security questions. Additionally, if you used any of the breached information in any of your other passwords, for example, by using your street name and birthdate as a password, you should change those passwords as well.
Monitor Your Credit Report – Not all cybercriminals are motivated by financial greed; however, the vast majority are. Thus, these criminals will often try to use the information they obtain in a breach for their own financial gain. Your credit report is the best place to monitor for any unauthorized activity. If a hacker attempts to open a credit card or take out a loan in your name, you’ll be able to tell by reviewing your credit report.
Consider Putting a Freeze on Your Credit Account – If you have any reason to believe that a cybercriminal accessed your Social Security number or any financial information, you should consider placing a credit freeze on your account by contacting one of the three major credit bureaus. When you place a credit freeze on your account, a company cannot pull your credit without your advanced approval. Credit freezes last until you remove them; however, even when a credit freeze is in place, you can permit a company to pull your credit by providing authorization.