I wonder why they needed to store SSNs online. They use SSNs to run a credit check and identity a person. Why then is it not stored encrypted and over an air gap? They can use email and phone numbers to recover passwords. This is absolutely ridiculous.
They said in an email that they would pay for one year of credit protection for all those that they say were victimized. I don't think that they are capable or trustworthy enough to state who was victimized. It looks to me that they are just ignoring their responsibility for this attack. They also stated that they do not think health records have been compromised. I believe that they are just trying to avoid HIPAA fees. If so much personal data was stolen, it is likely that health information was also stolen. Generally, the patient's personally identifiable information is stored more securely than their actual health record.
Now I'm off to get credit protection for me, my wife, and my one year old. Does anyone have any advice on where to begin?
They said in an email that they would pay for one year of credit protection for all those that they say were victimized. I don't think that they are capable or trustworthy enough to state who was victimized. It looks to me that they are just ignoring their responsibility for this attack. They also stated that they do not think health records have been compromised. I believe that they are just trying to avoid HIPAA fees. If so much personal data was stolen, it is likely that health information was also stolen. Generally, the patient's personally identifiable information is stored more securely than their actual health record.
Now I'm off to get credit protection for me, my wife, and my one year old. Does anyone have any advice on where to begin?