CareOregon Advantage Files Notice of Recent Data Breach

Console and Associates, P.C.
Contact

CareOregon Advantage, based in Portland, Oregon, recently confirmed a data breach stemming from the accident disclosure of certain current and former members’ personal information. While details about the CareOregon breach are still forthcoming, it appears as though the breach exposed the sensitive information of as many as 10,467 individuals.

If you received a data breach notification, it is essential you understand what is at risk. More about our investigation into this breach, and what you can do if your data was stolen, is available here.

The Link Between Data Breaches and Identity Theft

Technological advancements over the past few decades have allowed for more information to be stored electronically. While this makes it easier for businesses and other organizations to maintain consumer data, it also exposes this information to the risk of a data breach. In fact, according to recent estimates, as many as 15 million people fall victim to identity theft every year. Many cases of identity theft cases arise as a result of data breaches, such as the one recently announced by CareOregon.

Identity theft occurs when a criminal actor uses another’s information to assume their identity. There are several reasons why someone may attempt to steal another’s identity. Most often, criminals engage in identity theft for their own financial gain, for example, by opening up a bank account or credit card in a victim’s name. On average, victims of identity theft spend more than $1,300 and about 200 recovering their identity. However, in some cases, the harms are much worse. For example, in cases of criminal identity theft, a criminal provides a victim’s information to the police if they get arrested, possibly leading to a warrant for the victim’s arrest and even a criminal record. In other cases, criminals use consumers’ protected health information against them by threatening to release the information unless the victim pays a “ransom.”

By investigating the CareOregon data breach, Console & Associates, P.C. hopes to help victims understand the possible risks of identity theft and learn how they may be able to obtain compensation for everything they’ve gone through and may need to go through in the future.

About CareOregon

CareOregon provides health insurance benefits to those who qualify for Medicaid. Through its plans, CareOregon enables members to access physical, dental, and mental health services, as well as substance abuse treatment. CareOregon Advantage is a plan specifically designed for those who qualify for both Medicare and Medicaid. CareOregon has more than 473,000 members and generates over $1.87 in annual revenue.

Data Breaches Are Becoming a National Crisis

The concept of a data breach is not new; however, given changes in how cybercriminals are carrying out their attacks, the risks to consumers are greater than ever before. For example, between the years 2020 and 2021, the number of data breaches increased by 68%. However, the total number of data breach victims over this same period actually decreased by about five percent. Unfortunately, this isn’t necessarily good news. According to the Identity Theft Resource Center, the reduction in the number of victims is a function of cybercriminals focusing their efforts on obtaining more on stealing specific types of data, such as bank account information, Social Security numbers, and protected health information. Not surprisingly, data breaches involving this information present a much greater risk to consumers. Still, there are more than 188 million data breach victims per year.

Data breaches occur in several ways. For example, the installation of malware programs, ransomware attacks, and phishing scams are all common. In each of these, a hacker targets an organization, usually with knowledge or suspicion of vulnerabilities in the company’s data security system. Once the hacker accesses an organization’s computer network, they can access and steal any consumer data located on the affected network.

Organizations such as businesses, non-profits, educational institutions and healthcare providers all have an essential role in preventing data breaches. When an organization stores consumer data, it assumes a duty to protect that information. In reality, an organization’s data security system is the front line of defense against a cyberattack. Thus, it is imperative that organizations understand their data security responsibilities and that they take them seriously. Unfortunately, many organizations have been slow to adopt the latest data security measures, despite raking in millions of dollars in profit each year. Data breach class action lawsuits hold organizations accountable for their lax data security measures, allowing consumers to send the message that their privacy is important.

What to Do After a Data Breach

Any company or organization that experiences a data breach must provide notice of the breach to affected individuals. These data breach notices provide crucial information and should not be ignored. If you received a data breach letter from CareOregon, it is important you take the following steps to protect yourself.

  1. Carefully Review the Letter to Confirm What Information Was Compromised: After receiving a data breach notification, the first thing to do is to carefully read the letter to determine what information was involved. While this list provides some basic advice on what to do following a data breach, there are additional steps to take depending on the type of information that was leaked. Also, keep a copy of the data breach letter for your records.

  2. Stop All Future Access to Your Accounts: Regardless of the nature of the data breach or what data of yours was compromised, it is important that you change all passwords and security questions for your online accounts, especially your online banking login information. For those accounts that allow you to set up multi-factor authentication, it’s a good idea to do so, as this makes it much harder for an unauthorized party to access your accounts.

  3. Protect Your Credit: More than 70% of data breaches involve compromised Social Security numbers or bank account information. This is by design, as cybercriminals can relatively easily use this information for their own financial gain. Thus, it is essential to take the necessary steps to prevent unauthorized access to your credit. After announcing a data breach, organizations usually offer free credit monitoring for a certain period of time. Importantly, you don’t give up any rights by signing up for free credit monitoring, so there is no reason not to do so.

  4. Think About Placing a Credit Freeze: A credit freeze is an alert on your credit file placed by one of the three major credit bureaus (TransUnion, Equifax and Experian). When the credit bureau puts a credit freeze on your account, it prevents anyone from accessing your credit unless you give them permission to do so. Credit freezes remain active until you remove them; however, you can temporarily lift a freeze, for example, if you need to apply for a loan. According to the Identity Theft Resource Center, placing a credit freeze is the “single most effective way to prevent a new credit/financial account from being opened.” However, ITRC reports that just 3% of consumers whose information is leaked place a freeze on their accounts.

  5. Closely Monitor Your Credit Report and Bank Accounts: For data breach victims, the unfortunate reality is that addressing the situation is an ongoing effort. Protecting yourself from the ongoing threat of identity theft is something you need to stay on top of. After receiving a data breach notification, regularly check your bank accounts and credit card accounts for any signs of unfamiliar transactions. You should also regularly check your credit report. By doing so, you will be able to tell whenever a company runs a credit check.

  6. Contact a Data Breach Lawyer as Soon as Possible: If your information was exposed through a data breach, it is important you don’t wait to speak with a lawyer. Under the United States data breach laws, the company responsible for keeping your information safe may be financially responsible for your damages. These damages are intended to compensate you for the money and time dedicated to recovering your identity. However, these cases aren’t just about the money. Data breach class action lawsuits are also important tools consumers can use to convince large companies to take data security more seriously. Over time, organizations will learn that they either need to implement more comprehensive data security measures or face the threat of financial liability.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Console and Associates, P.C.

Written by:

Console and Associates, P.C.
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide