Data breaches happen all the time, and while no data breach should be ignored, those involving health care institutions require special attention. 

These breaches can be very damaging and haunt people for life. Recently, hackers leaked the personal data of around 500,000 Americans. 

They breached the databases of the Center for Vein Restoration (CVR), which claims to be “America’s largest physician-led vein center,” stealing not just personal data but also medical records.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

What you need to know

CVR, a clinic headquartered in Maryland, experienced a massive data breach where hackers stole highly sensitive personal information, including lab results and health insurance details, as reported by Cybernews. The breach occurred in early October, with the clinic detecting “unusual activity” in its systems on Oct. 6.

CVR has more than 110 branches across the country, from Alabama to Alaska. This breach has affected hundreds of thousands of individuals. According to a notice filed by CVR with the U.S. Department of Health and Human Services Office for Civil Rights, more than 445,000 people had their personal information compromised.

As the name suggests, CVR specializes in vein restoration, a very specialized procedure aimed at improving the health and function of veins. This means the clinic keeps a very elaborate record of its patients’ health, and now all that is in the hands of hackers, along with copious amounts of personal information.

The full list of exposed data includes addresses, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, diagnoses, lab results, medications, treatment information, health insurance information, provider names, dates of treatment and financial information.

The inside of a health care center (Kurt “CyberGuy” Knutsson)

WINDOWS FLAW LETS HACKERS SNEAK INTO YOUR PC OVER WI-FI

The risks associated with the CVR data breach

The risks of data breaches depend on the type of company affected. For instance, breaches involving companies like Ticketmaster are generally more manageable because they often expose information like contact details, addresses and, in some cases, identification documents. Even if financial data is leaked, it can typically be mitigated by replacing or blocking compromised accounts.

Health care data breaches, however, are far more severe. When companies like CVR are targeted, hackers gain access to sensitive medical records that cannot be altered. Your medical history is permanent and highly sought after on the dark web. Cybercriminals can use this information to commit identity fraud, such as obtaining prescription drugs through false insurance claims. Plus, detailed knowledge of medical treatments, lab results and medications allows attackers to create highly targeted phishing scams, exploiting victims’ vulnerabilities with alarming precision.

We reached out to CVR for a comment but did not hear back before our deadline.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

An emergency room sign (Kurt “CyberGuy” Knutsson)

CYBER SCAMMERS USE AI TO MANIPULATE GOOGLE SEARCH RESULTS

7 ways to keep yourself safe from such data breaches

1. Regularly monitor your financial and medical accounts: Periodically review your medical records and health insurance statements for any unusual or unauthorized activity. This can help you quickly identify and address any discrepancies or fraudulent activities.

Use patient portals provided by health care providers to access your medical records online. These portals often have features that allow you to track your medical history and appointments.

2. Use strong passwords and two-factor authentication: Create strong, unique passwords for your online accounts, including health care portals. Avoid using easily guessable information like birthdays or common words. Consider using a password manager to generate and store complex passwords.

3. Enable two-factor authentication (2FA) wherever possible: 2FA adds an extra layer of security by requiring a second form of verification, such as a text message code or authentication app, in addition to your password.

4. Don’t fall for phishing scams; use strong antivirus software: Be mindful of the information you share online and with whom you share it. Avoid providing sensitive personal information, such as Social Security numbers or medical details, unless absolutely necessary. Verify the legitimacy of any requests for personal information. Scammers often pose as health care providers or insurance companies to trick you into revealing sensitive data by asking you to click on links in emails or messages.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

5. Use identity theft protection services: Consider enrolling in identity theft protection services that monitor your personal information and alert you to potential threats. These services can help you detect and respond to identity theft more quickly. Some identity theft protection services also offer insurance and assistance with recovering from identity theft, providing additional peace of mind. See my tips and best picks on how to protect yourself from identity theft.

6. Freeze your credit: A credit freeze prevents anyone from opening new credit accounts in your name without your authorization, reducing the risk of identity theft. Contact the major credit bureaus (Experian, Equifax and TransUnion) to request a credit freeze. This is often free and can be temporarily lifted when you need to apply for credit.

7. Remove your personal data from the internet: After being part of a data breach, it’s crucial to minimize your online presence to reduce the risk of future scams. Consider using a personal data removal service that can help you delete your information from various websites and data brokers. This can greatly diminish the chances of your data being used maliciously. Check out my top picks for data removal services here. 

DON’T LET SNOOPS NEARBY LISTEN TO YOUR VOICEMAIL WITH THIS QUICK TIP

Kurt’s key takeaway

The CVR data breach is deeply troubling, affecting nearly half a million individuals and exposing highly sensitive medical and personal information. What makes this breach particularly concerning is the lasting impact health care data leaks can have on victims, from identity theft to targeted phishing scams. Whether or not you’ve been directly affected, it’s a stark reminder to take proactive steps, such as monitoring your accounts, enabling multifactor authentication and staying alert to phishing attempts.

Do you think companies are doing enough to protect sensitive data, especially in health care? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.

Intel is having an incredibly rough year — but at long last, the company’s discrete graphics card initiative has produced a card worth celebrating. While we haven’t managed to review it ourselves due to a fluke issue, the $250 Arc B580 “Battlemage” GPU launched to nigh-universal praise, has already sold out most everywhere, and Intel tells The Verge it’s working to ship new units every week.

“Demand for Arc B580 graphics cards is high and many retailers have sold through their initial inventory. We expect weekly inventory replenishments of the Intel Arc B580 Limited Edition graphics card and are working with partners to ensure a steady availability of choices in the market,” Intel spokesperson Mark Anthony Ramirez tells The Verge. 

To give you an idea, here are some of the headlines we’ve seen on reviews of this card:

While reviewers have showed the B580 doesn’t beat the 4060 and 7600 in every game, especially for gamers who still play at 1080p resolution, it does seem to pull ahead on average, the drivers seem more mature than Intel’s earlier attempts, and the lower price and generous 12GB of video RAM make it relatively easy to recommend.

If you can find one at $250, that is — which you probably can’t, because they’ve sold out so quickly. For what it’s worth, Hardware Unboxed’s Steve Walton doesn’t think this is a so-called “paper launch” where a manufacturer ships a token number of components for bragging rights instead of mass-producing a product; he said that manufacturers, retailers and distributors told him that supply of the card was “quite substantial.”

Threads is about to begin testing the ability to schedule posts, according to Instagram’s Adam Mosseri. “Replies cannot be scheduled,” he added, explaining that “we want to balance giving people more control to plan their Threads posts while still encouraging real-time conversation.”

Mosseri also makes sure to note that Instagram has been working on this feature “for months.” I’m choosing to take as a sign that the Instagram chief is fed up with the notion that Bluesky is the motivating factor behind every new improvement that comes to Threads. Last week, Threads introduced curated collections of people to follow, which drew comparisons to Bluesky’s starter packs.

Yesterday, Meta CEO Mark Zuckerberg announced that Threads now has over 100 million daily active users, marking the first time that the company has revealed a DAU figure for its Twitter / X competitor. Threads also has more than 300 million monthly active users. No matter how Meta is calculating those figures, Bluesky objectively remains far smaller.

Instagram has long offered the option to schedule feed posts, and this week it announced the same convenience is being extended to DMs.