In recent years, healthcare institutions have become more and more a target for cyberattacks. The breaches often involve both personal information and sensitive medical information—all of which can have long-standing impacts on a patient once it is compromised. The Healthcare Therapy Services, Inc. (HTS) data breach reminds us that reputable, trusted healthcare providers can also be caught up in a sophisticated cyberattack.

After a data breach occurs, a patient is often unsure of what they should do next. However, taking timely and deliberate action can reduce your risk and prevent further damage. Here are the steps that every patient should take following a healthcare data breach.

1. Read the Breach Notification Carefully

If you receive a notice from your healthcare provider that your information was breached, don’t overlook it. The letter will normally inform you of significant information, including what type of information was compromised, the breach’s timeline (date and time), and what steps the company is taking. Knowing the risk is important.

2. Review Your Financial and Medical Accounts

Despite only limited information being disclosed, perpetrators might combine information from different breaches to commit fraud. Check your bank and credit card statements on a regular basis. Also check to see if there are any unusual charges on your Explanation of Benefits (EOBs) forms, and on other medical bills. If you see something suspicious, reach out to your bank and healthcare provider immediately.

3. Place a Fraud Alert or Freeze on Your Credit

If your Social Security number or financial information was compromised, contact one of the three major credit bureaus: Experian, Equifax, or TransUnion, to either place a fraud alert, or to freeze your credit history. This protects your credit file from unauthorized access, preventing criminals from opening accounts in your name.

4. Change Passwords and Use Two-Factor Authentication

If the affected provider offers online accounts, you should change your password on those accounts as soon as you can. Use passwords that include letters, numbers, and special characteristics making them stronger and more unique combinations. If you can use two-factor authentication (2FA) to the accounts, enabling two-factor authentication will require the user to validate access to the account in another way, making your account safer.

5. Remain Vigilant Against Phishing Scams

If a breach occurs, bad actors will often send spoofed emails impersonating the medical or public health agencies. These emails may request personal information or may have links to harm your device. Do not click on the links or attachments and do not reply without verifying the original.

6. Know Your Legal Rights

Federal and state data protection laws give patients certain legal rights. If any personal or medical information was involved in the exposure, you may also be entitled to compensation for time, stress, or financial loss attributable to the hacking of your information. You may want to consult with a data breach attorney in the USA to learn about your legal options and determine whether you have grounds for a potential data breach claim.

7. Keep Track of Updates

Healthcare providers may be required to provide updates as investigations continue. As such, hold on to copies of all correspondence related to the breach including letters and emails if you need to provide documentation at a later point in time.

Conclusion

Finally, data breaches in healthcare can cause anxiety but making informed decisions can make a real difference. Remaining vigilant, checking accounts for inaccuracies, and understanding the rights of your information can help mitigate harm and return some control of your information. As incidents like the Healthcare Therapy Services, Inc. breach highlight, protecting patient data is not just a company’s responsibility—it’s also about empowering individuals to act wisely when things go wrong.