Highmark Health, based in Pittsburgh, Pennsylvania, recently confirmed a data breach stemming from an incident involving its computer network. While details about the Highmark Health breach are still forthcoming, it appears as though the breach exposed the sensitive information of as many as 67,147 individuals.
If you received a data breach notification, it is essential you understand what is at risk. More about our investigation into this breach, and what you can do if your data was stolen, is available here.
The Link Between Data Breaches and Identity Theft
Technological advancements over the past few decades have allowed for more information to be stored electronically. While this makes it easier for businesses and other organizations to maintain consumer data, it also exposes this information to the risk of a data breach. In fact, according to recent estimates, as many as 15 million people fall victim to identity theft every year. Many identity theft cases arise as a result of data breaches, such as the one recently announced by Highmark Health.
Identity theft occurs when a criminal actor uses another’s information to assume their identity. There are several reasons why someone may attempt to steal another’s identity. Most often, criminals engage in identity theft for their own financial gain, for example, by opening up a bank account or credit card in a victim’s name. On average, victims of identity theft spend more than $1,300 and about 200 recovering their identity. However, in some cases, the harms are much worse. For example, in cases of criminal identity theft, a criminal provides a victim’s information to the police if they get arrested, possibly leading to a warrant for the victim’s arrest and even a criminal record. In other cases, criminals use consumers’ protected health information against them by threatening to release the information unless the victim pays a “ransom.”
By investigating the Highmark Health data breach, Console & Associates, P.C. hopes to help victims understand the possible risks of identity theft and learn how they may be able to obtain compensation for everything they’ve gone through and may need to go through in the future.
About Highmark Health
Highmark Health is the administrator for Highmark Health Plan, one of the largest Blue Cross Blue Shield insurers in the United States. Some of the plans included in the Highmark Health system include:
-
Highmark Blue Cross Blue Shield
-
Highmark Blue Shield
-
Highmark Blue Cross Blue Shield West Virginia
-
Highmark Blue Cross Blue Shield Delaware
-
Highmark Blue Cross Blue Shield Western New York
-
Highmark Blue Shield Northeastern New York
While many of the company’s customers are located in Pennsylvania, Delaware, West Virginia and New York, Highmark Health serves customers and businesses in all 50 states. The company has over 35,000 employees and generates approximately $18 billion in annual revenue.
Data Breaches Are Becoming a National Crisis
The concept of a data breach is not new; however, given changes in how cybercriminals are carrying out their attacks, the risks to consumers are greater than ever before. For example, between the years 2020 and 2021, the number of data breaches increased by 68%. However, the total number of data breach victims over this same period actually decreased by about five percent. Unfortunately, this isn’t necessarily good news. According to the Identity Theft Resource Center, the reduction in the number of victims is a function of cybercriminals focusing their efforts on obtaining more on stealing specific types of data, such as bank account information, Social Security numbers, and protected health information. Not surprisingly, data breaches involving this information present a much greater risk to consumers. Still, there are more than 188 million data breach victims per year.
Data breaches occur in several ways. For example, the installation of malware programs, ransomware attacks, and phishing scams are all common. In each of these, a hacker targets an organization, usually with knowledge or suspicion of vulnerabilities in the company’s data security system. Once the hacker accesses an organization’s computer network, they can access and steal any consumer data located on the affected network.
Organizations such as businesses, non-profits, educational institutions and healthcare providers all have an essential role in preventing data breaches. When an organization stores consumer data, it assumes a duty to protect that information. In reality, an organization’s data security system is the front line of defense against a cyberattack. Thus, it is imperative that organizations understand their data security responsibilities and that they take them seriously. Unfortunately, many organizations have been slow to adopt the latest data security measures, despite raking in millions of dollars in profit each year. Data breach class action lawsuits hold organizations accountable for their lax data security measures, allowing consumers to send the message that their privacy is important.
What to Do After a Data Breach
Any company or organization that experiences a data breach must provide notice of the breach to affected individuals. These data breach notices provide crucial information and should not be ignored. If you received a data breach letter from Highmark Health, it is important you take the following steps to protect yourself.
-
Carefully Review the Letter to Confirm What Information Was Compromised: After receiving a data breach notification, the first thing to do is to carefully read the letter to determine what information was involved. While this list provides some basic advice on what to do following a data breach, there are additional steps to take depending on the type of information that was leaked. Also, keep a copy of the data breach letter for your records.
-
Stop All Future Access to Your Accounts: Regardless of the nature of the data breach or what data of yours was compromised, it is important that you change all passwords and security questions for your online accounts, especially your online banking login information. For those accounts that allow you to set up multi-factor authentication, it’s a good idea to do so, as this makes it much harder for an unauthorized party to access your accounts.
-
Protect Your Credit: More than 70% of data breaches involve compromised Social Security numbers or bank account information. This is by design, as cybercriminals can relatively easily use this information for their own financial gain. Thus, it is essential to take the necessary steps to prevent unauthorized access to your credit. After announcing a data breach, organizations usually offer free credit monitoring for a certain period of time. Importantly, you don’t give up any rights by signing up for free credit monitoring, so there is no reason not to do so.
-
Think About Placing a Credit Freeze: A credit freeze is an alert on your credit file placed by one of the three major credit bureaus (TransUnion, Equifax and Experian). When the credit bureau puts a credit freeze on your account, it prevents anyone from accessing your credit unless you give them permission to do so. Credit freezes remain active until you remove them; however, you can temporarily lift a freeze, for example, if you need to apply for a loan. According to the Identity Theft Resource Center, placing a credit freeze is the “single most effective way to prevent a new credit/financial account from being opened.” However, ITRC reports that just 3% of consumers whose information is leaked place a freeze on their accounts.
-
Closely Monitor Your Credit Report and Bank Accounts: For data breach victims, the unfortunate reality is that addressing the situation is an ongoing effort. Protecting yourself from the ongoing threat of identity theft is something you need to stay on top of. After receiving a data breach notification, regularly check your bank accounts and credit card accounts for any signs of unfamiliar transactions. You should also regularly check your credit report. By doing so, you will be able to tell whenever a company runs a credit check.
-
Contact a Data Breach Lawyer as Soon as Possible: If your information was exposed through a data breach, it is important you don’t wait to speak with a lawyer. Under the United States data breach laws, the company responsible for keeping your information safe may be financially responsible for your damages. These damages are intended to compensate you for the money and time dedicated to recovering your identity. However, these cases aren’t just about the money. Data breach class action lawsuits are also important tools consumers can use to convince large companies to take data security more seriously. Over time, organizations will learn that they either need to implement more comprehensive data security measures or face the threat of financial liability.