Feb. 21, 2022 – Illinois- based Family Christian Health Centers (“FCHC”) notified current and former patients about a cybersecurity incident that compromised the personal information of 31,000 of its patients. Its investigation into the security breach revealed the files impacted may have contained names, birth dates, insurance card numbers, driver’s license numbers, and copies of patients’ insurance cards and driver’s licenses of dental patients who had received dental services prior to August 31, 2020, and names, birthdates, addresses, insurance identification numbers, and Social Security numbers of non-dental patients who received healthcare services between December 5, 2016, and August 31, 2020. On February 16, 2022, FCHC sent a letter to all persons whose data was compromised by the breach.
What Happened?
On November 30, 2021, FCHC discovered that a ransomware attack had occurred that resulted in a compromise of patient information. FCHC believes that the attack began on or about November 18, 2021
What is FCHC Doing in Response to the Breach?
According to the notice letter it sent to its patients after the attack was discovered, FCHC staff and its outside information technology vendors investigated the event and evaluated FCHC’s network security. FCHC hired a forensics consultant to analyze how the breach occurred and suggest any additional security measures. FCHC says it has taken steps to enhance its technical safeguards to help minimize the occurrence of future cyberattacks.
FCHC is not offering any identity theft protection services to its patients.
Should You Be Concerned?
If you received a data breach notification letter from FCHC, your personal data may have been seen by unauthorized cyber-criminals. Worse, the cyber-criminals may have removed your data from the company’s network so they can sell it on the Dark Web, leaving you vulnerable to credit card fraud, identify theft, and a variety of scams.
Cybercriminals can pair the data with other available information to commit a broad range of fraud in a Class Member’s name, such as: obtaining employment; obtaining a loan; applying for credit cards or spending money; filing false tax returns; stealing Social Security, and other government benefits; and applying for a driver’s license, birth certificate, or other public documents.
Armed with personal information, cybercriminals can easily obtain tax returns or open fraudulent credit card accounts. Social Security numbers can be used to create a false identity for someone who commits a crime, impairing the victim’s ability to gain employment or obtain a loan. It goes without saying that cybercrimes can have a significant negative financial impact on its victims, as well as cause severe emotional distress.
Victims of the breach can take a variety of measures to protect themselves as discussed below.
What You Should Do
If you received a data breach notification letter from FCHC, you should take certain steps to safeguard your identity. We recommend the following:
- Get your free credit report from annualcreditreport.com, and check for any accounts or charges you don’t recognize.
- Subscribe to a credit and identity monitoring service. Check the monitoring application regularly to see if your data has been compromised or if your data is being used for fraudulent purposes;
- Consider placing a free credit freeze. A credit freeze makes it harder for someone to open an account in your name.
- Try to file your taxes early, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.
- Don’t believe anyone who calls and says you’ll be arrested unless you pay for taxes or debt — even if they have part or all of your Social Security number, or they say they’re from the IRS.
- Change your online passwords and security questions;
- Regularly review your credit card and bank account statements for signs of suspicious activity;
- Monitor your credit report for any unexpected changes that may be a sign of identity theft;
- Contact one of the major credit bureaus to request they add a fraud alert to your profile; and
- Immediately notify your banks and credit card companies if you identify any suspicious activity
What Else Should You Do?
Data breach victims may be able to seek compensation through a class action. Class actions are frequently filed against companies that are breached. While these cases sometimes go to trial, most data breach class action settlements provide a variety of benefits to class members. These benefits may include additional years of credit and identity monitoring, compensation for time spent responding to the breach, reimbursement for any losses from fraud related to the breach, or nominal damages. If you want to learn more about data breach class actions and how you can participate in one against FCHC, you should contact a data breach attorney as soon as possible.
