CINCINNATI — A local expert has advice to help safeguard yourself from phishing attacks like the one at the UC Medical Center that netted Moustapha Sekou.
UC doctors fixed Sekou’s broken toe last summer, but his injury turned to worry last Monday when he received a letter from the hospital saying his info had been exposed.
To make matters worse, no sooner did he get the letter than he got an unexpected phone call on his brand new cell phone – while he was still in the store after buying it.
It was "scary," Sekou said.
“About two days ago, I received a phone call from somebody who knew exactly my name and everything – and that's a brand new phone I got,” Sekou said. “So I was even wondering how they got my name, my last name and my phone number."
UC’s letter said a phishing scam last July targeted emails that had patient medical histories, personal info and in some cases Social Security numbers. UC said it also notified patients last summer.
The hospital said there is no proof anyone actually saw or abused any exposed data. Nevertheless, Sekou is worried someone is building a profile on him.
"My information is not secure and ... everybody can get access to my privacy, and I'm not feeling good about it," Sekou said.
Jennifer Pike, executive vice president of the Greater Cincinnati Insurance Board, said data thieves like to take their time gathering intel before ripping people off.
"A lot of these things come from phishing attackers that might present themselves as the hospital or as the insurance company," Pike said.
"What they're trying to do is access parts of information. Maybe they don't receive the Social Security number, but they receive an address, a birthday, another other kind of sensitive information they can then go to other profiles."
Experts say medical data thieves often go after patients, but Pike said thieves could be collecting pieces on the hospital for schemes to bilk money from insurance companies.
Pike recommends you take these steps to protect yourself:
- Use encrypted passwords only. Unique ones – nothing that you're using for other accounts.
- Make sure you're always accessing medical info on a protected Wi-Fi. That could be a personal hotspot, or buy a virtual private network (VPN) – a security network that shields browsing from others. Just don't use public Wi-Fi.
- Get insurance for protection in case you are compromised.
- Check your credit report.
- And, for your children or anyone else in your house not using credit, lock those Social Security numbers.
"Especially with health records these days, they can gain access to people that aren't even of age yet but use their profiles as well," Pike warns.
UC said the hospital is offering free credit monitoring and protection to every victim whose Social Security number was exposed. And it's taking more cyber safeguards.
Following the attack, UC said it reset employee passwords, limited outside email access and blocked websites. And their IT folks are still investigating.