by Dave Moore, CISSP
01/21/2024
Last week, I reported how patients of both Integris and SSM St. Anthony hospitals have been victimized by Internet criminals hacking the hospital’s poorly-secured computer networks. Private patient information was stolen, including name, date of birth, Medicaid/Medicare ID number, health plan information, medical treatment information, medical record number, patient account number, case identification number, provider and doctor information, and Social Security number.
This creates a full-on bona fide identity theft crisis that cannot be minimized or ignored. The personally identifiable information (PII) of millions of people has been stolen, the type of information criminals use to steal tons of money.
Possibly the most critical piece of PII stolen is the Social Security Number. An SSN allows an Internet crook to easily build a profile on a victim, and start setting up phony accounts in the victim’s name, while at the same time making themselves the beneficiaries of those accounts. These accounts can include checking and credit card accounts, “store” accounts (like Lowes, Walmart, Home Depot, etc.), car loans, mortgages, and the list goes on and on. This is an identity theft road I have been down with clients before, and trust me, this is not a road you wish to travel.
What to do? Fortunately, there are important and effective things you can do to protect yourself.
First, order and download credit reports. There is one, and only one official place on the Internet to get free credit reports, and that’s at annualcreditreport.com. Click the “Request your free credit reports” button, and get to work. They only cover Equifax, TransUnion and Experian, but that’s OK. Do this at least once a month to see if the bad guys are trying to mess with you.
Next, implement your first major line of defense. You absolutely must setup a freeze (not a “lock”) on your accounts at all four major credit reporting bureaus; yes, there are four, not three. The four major credit bureaus are Equifax, TransUnion, Experian and Innovis. Making sure you have locks in place at all four bureaus will go a long way in preventing the bad guys from setting up phony financial accounts. You will also inform all four bureaus you are an identity theft victim, which, if you got a letter from any institution alerting you they experienced a data or information “breach” or “compromise,” you most definitely are.
Visit Equifax at equifax.com/personal/credit-report-services/credit-freeze/ and click the “Place a security freeze” button. Fill out the form and follow the instructions. Then, visit equifax.com/personal/credit-report-services/credit-fraud-alerts/ and click the “Place an alert” button to create a Fraud Alert. Again, fill out the form and follow the instructions.
Click the “Add a freeze” button at transunion.com/credit-freeze and do the same thing. The TransUnion freeze process will also let you place a Fraud Alert.
Next stop is experian.com/freeze/center.html to click “Create a free account” to implement the freeze, and then visit www.experian.com/fraud/center.html to set the fraud alert.
Finally, fill out the form at innovis.com/securityFreeze/index to setup an Innovis credit freeze. Visit innovis.com/fraudActiveDutyAlerts/index to get the fraud alert going.
Next week: placing fraud and identity theft alerts with government agencies.
Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd, he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.org