What Patients Should Do If Their Personal Information is Compromised

Cyberattacks can happen anywhere — even in health care settings — so it's important for patients to know what to do.

Health care organizations are increasingly under informational attack, with researchers reporting in a study of 374 ransomware attacks. The study, published by JAMA Health Forum, notedthat the annual count of ransomware attacks on health care delivery organizations was more than doubled from 2016 to 2021, in turn exposing the personal health information of 42 million patients.

The Change Healthcare unit of UnitedHealth Group, the largest billing and payment system in the country managing a third of all patient records in the United States, was struck by a cyberattack in February, according to The New York Times.

David A. Jaffray, chief technology and digital officer of The University of Texas MD Anderson Cancer Center in Houston, spoke with CURE® about what patients can do if they suspect that their data security has been compromised.

Contact Your Care Provider

“We benefit from people who are concerned about any risks to their data when they reach out to us, it's very helpful for us to hear that from them if they have any concerns that maybe it has come from Anderson,” Jaffray said. “We do a very deep dive on every one of those [instances] because it is like a canary in the coal mine: Is there something that we can be doing to further increase our security and management of private information? We're very rigorous in this regard.”

Think About Your ‘Critical Digital Systems’

“Your most critical digital systems, like your banking, like your credit cards, those kinds of things are, in my mind, a first go-to, to make sure that nothing has been tampered with,” said Jaffray. “Do get on a phone with them directly, make sure that the credentials haven't been changed [and that] there has been no change to their underlying information.”

Furthermore, Jaffray urged patients to contact their employer to make sure no financial information has been altered in that regard, either.

“Make sure someone hasn't gone in and changed your banking [and] payment information, [which is a] very common trick, we see the attempts at that quite often,” he said. “And so, these kinds of sort of critical parts to your life progressing — payment, banking, credit, taxes, for example, it's a really good idea to roll your passwords and then at the same time, go in and make sure that those pieces and the systems don't have changes in critical reporting information. … Once you do that, then at some level cyber criminals back to ground zero, they don't have the credentials necessary.”

More Things to Do

Here are additional steps a patient can take if they suspect their medical record has been compromised, according to Jaffray and the team at MD Anderson Cancer Center:

• Review your patient portal account regularly to check for mistakes or unexpected statements.
• Watch for collection letters for services you did not receive.
• Monitor your credit reports.
• Shred any confidential documents.
• Regularly change your passwords and consider utilizing a password manager to avoid duplicating passwords and usernames across different domains.
• For more information, visit the Federal Trade Commission’s consumer protection website.

For more news on cancer updates, research and education, don’t forget to subscribe to CURE®’s newsletters here.