Telemarketer Data Breach Leaked Nearly 1M Seniors’ Info
As if telemarketers weren’t pesky enough, a recently discovered data breach of a healthcare telemarketing firm resulted in almost one million senior citizens’ information being posted available online.
The breach, which has not yet been determined to have been accidental or intentional, leaked information online that included names, birthdates, Social Security numbers, health insurance information, and much more. It even contained records of patients’ past health issues and diagnoses.
HealthNow Networks, which is no longer in business, sold medical supplies to customers and kept records of some 918,000 potential customers in an electronic database. According to investigators in this breach, a hired software developer uploaded a copy of the database to the internet, presumably for work reasons, but didn’t encrypt the information or password protect it. It’s not certain exactly how long the information was online or who may have been able to access it, but they do know it was online for a period of several months.
The breach was discovered by a random visitor who was actively looking for connected devices on the Shodan search engine, all for logging and recording purposes. When this individual discovered the database, he immediately reported it to DataBreaches.net, who contacted the appropriate agencies. However, there’s no way of knowing who else has already stumbled on this information, or what they may have done with it.
This is one of the less recognized dangers in handing over your personal information, especially to sales or telemarketing firms. The public is often warned about shady callers trying to steal your details, but in too many cases, it’s just a matter of a sloppy job of protecting you. Even if the caller is legitimate (and therefore not a scammer), you have no way of knowing how they will store and protect your information. Also, as a telemarketing company and not a medical organization, HealthNow Networks’s mishandling of the customer database does not qualify as a HIPAA violation, despite the fact that protected health information was included.
It's important for consumers to remember some fairly simple rules about their personal identifiable information. First, just because someone requests it, that doesn’t mean they have an actual need for it or a legal right to it. Next, your Social Security number might be the so-called “Holy Grail” of identity theft targets, but your health insurance number—especially if your SSN is part of it, as is true of Medicare numbers—is still highly valuable. Finally, it’s critical that you ask the hard questions about data security; there’s a good chance that the person requesting your data is simply reading off a script or filling in the blanks, and has absolutely no idea who can see your information, how it will be protected, and how you will be notified if there’s a breach. Don’t hand over your personal identifiable information to anyone who cannot provide you with specific details on the company’s data security policy and procedures.
If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App.