With the rise of digital healthcare, patients must take steps to safeguard their personal and medical information.
The recent data breach at Confidant Health, which exposed highly sensitive patient information, including mental health records, has raised alarms about the privacy risks associated with telehealth platforms. As more people turn to digital healthcare services for convenience, incidents like this highlight the importance of being proactive about personal data security. While healthcare providers are responsible for safeguarding patient information, there are several steps patients can take to protect themselves in the event of a breach.
The Confidant Health breach, discovered earlier this year, exposed over 5.3 terabytes of data, including psychotherapy notes, drug test results, identification documents, and even audio and video transcripts of therapy sessions. Though the company acted quickly to limit public access to the data, the breach underscores the vulnerabilities of digital healthcare services.
Here are key steps patients can take to protect themselves if their personally identifiable information (PII) or medical records are exposed.
1. Monitor Financial and Personal Accounts for Fraud
One of the immediate risks following a data breach is the potential for identity theft. In the Confidant Health breach, exposed data included driver’s licenses, Medicaid cards, insurance documents, and addresses—information that could be used by malicious actors to commit fraud. Patients should:
- Check their bank accounts and credit card statements for any suspicious transactions.
- Request a credit report from one of the major credit bureaus (Experian, TransUnion, or Equifax) to check for unauthorized credit activity.
- Consider placing a fraud alert or a credit freeze on their accounts, which can help prevent new accounts from being opened in their name.
2. Change Passwords and Strengthen Online Security
Telehealth apps typically require users to create online accounts, which may store sensitive health data. Following a breach, patients should:
- Immediately change the passwords to any online accounts associated with the healthcare provider.
- Use strong, unique passwords for each account, ideally with a mix of letters, numbers, and symbols.
- Enable two-factor authentication (2FA) where possible, which adds an extra layer of security by requiring a second form of verification in addition to a password.
3. Review Medical Records for Inaccuracies
Breaches of medical information can lead to unauthorized access or misuse of your health data. In the Confidant Health incident, sensitive mental health records, including details of trauma and family history, were exposed. Patients should:
- Request a copy of their medical records from the healthcare provider to ensure no unauthorized changes have been made.
- Regularly monitor Explanation of Benefits (EOB) forms from health insurance providers to ensure there are no unrecognized medical services billed under their name.
4. Be Cautious About Phishing Scams
Following a data breach, cybercriminals may attempt to exploit the situation by sending phishing emails or making fraudulent phone calls. Patients should be extra vigilant when it comes to unsolicited communication:
- Avoid clicking on links or downloading attachments from unfamiliar or unexpected emails.
- Be skeptical of phone calls or emails requesting personal information or claiming to be from the breached healthcare provider.
- If in doubt, contact the healthcare provider or insurance company directly to verify the legitimacy of the communication.
5. Stay Informed About the Breach Investigation
Patients affected by a data breach should stay updated on developments from the healthcare provider. In the Confidant Health case, the company responded quickly by restricting access to the exposed database and began an internal investigation. However, patients need to:
- Look out for official notifications from the healthcare provider regarding the breach and any steps the company is taking to mitigate the damage.
- If the company offers free credit monitoring services, take advantage of them to keep track of any unauthorized activity.
6. Know Your Legal Rights
Under the Health Insurance Portability and Accountability Act (HIPAA), healthcare providers are required to protect patients’ health information. In the event of a breach, affected patients are entitled to be notified by the healthcare provider. Patients should:
- Review the notification to understand what data was exposed and what steps the healthcare provider is taking to address the breach.
- Keep in mind that if the breach involves PII or medical information, they have the right to file complaints with the Department of Health and Human Services (HHS) or consult legal professionals to explore further protections or compensation.
For those particularly concerned about the long-term effects of a data breach, enrolling in an identity theft protection service may offer additional peace of mind. These services can help monitor credit reports, detect suspicious activity, and assist in recovering from identity theft.
The Confidant Health breach serves as a reminder that, while telehealth platforms provide essential healthcare services, they also come with risks. Sensitive data, such as medical records and identification documents, can be exposed if companies do not have adequate security measures in place. Patients must remain vigilant about their own data security, especially when using digital healthcare services.