Cyber Security Experts Advise Next Steps For INTEGRIS Health Data Breach Victims

Cyber security experts are advising the victims of the INTEGRIS Health data breach to avoid paying the scammers and instead take a defensive approach.

Hackers sent emails to INTEGRIS Health patients in recent days, saying they have stolen the data of more than 2 million people. The hackers listed the address, phone number, birth date, and social security number of each email recipient as proof that their information was compromised.

The hackers wrote in the email that unless the recipients each pay $50, their data will be sold on the dark web on Jan. 5. The email includes instructions for recipients to download the Tor browser and pay the $50 using bitcoins.

Among the people who received the hackers' email is Dennis Byford, senior VP of information technology at Audacy, a multi-platform audio content and entertainment company. Byford is knowledgeable of cyber security, having previously worked at INTEGRIS Health for 18 years, including most recently as VP of information technology. 

Byford advised that victims of the data breach should not pay the extortion because there is no reason to believe the hackers would live up to their promise. He also said that paying the hackers would mark victims onto a special list.

Chris Yates, director of network security services of CyberOne, also received the hackers' email, which included his address, phone number, and social security number. "This is the fifth time in the last 10 years that my information has been leaked in a breach, and I'm a cyber security professional," said Yates. "So really, there's not a whole lot you can do to keep these things from happening."

Yates worked in IT and cyber security at INTEGRIS Health for several years and agreed with Byford that no one should pay the ransom. "The tools that (the scammers) wanted folks to use, bitcoin and Tor, which is The Onion Router network, are not tools that I would ever recommend to any general consumer to use," said Yates. "They're rather complicated and technical."

Yates added that the Tor network should be avoided because it's generally a mechanism that's used to access the dark web, where users can be exposed to illicit products and services.

Instead, Byford and Yates said the first thing victims should do is freeze their credit reports. The freeze will prevent a credit bureau from releasing information in the credit report without consumer consent. This, in turn, prevents credit, loans, and services from being approved in a consumer's name without their okay. Credit freezes can be requested for free by contacting the three major credit reporting bureaus: Equifax, Experian, and TransUnion. "You'll receive credentials that you'll need to save and you need to make sure that you save those in a safe place - maybe print those out and put them in a fire-proof safe," said Byford.

Those credentials will be needed to unfreeze a credit report during times when a credit check is needed, such as when the consumer is getting insurance, obtaining a loan, or seeking a job, Yates said. Byford also said victims should ensure that all important accounts have strong, unique passwords; do not share passwords across multiple accounts. It's also vital to have multi-factor authentication activated (preferably over SMS authentication unless that's the only option), Byford advised.

In addition, Byford said those affected by the data breach should plan to file their taxes as early as possible to prevent scammers from using their social security numbers to get tax refunds. Furthermore, Byford said victims should scrutinize their medical bills to ensure they are valid and that the payment address has not changed. 

Subscribe to a credit-monitoring service as well, Byford said. Although INTEGRIS Health offered to provide free credit monitoring, Byford does not expect that to happen before Jan. 5, the deadline given by the hackers. "See if that's something that's already offered via one of your credit cards or some other organization that you might belong to," Byford said.

Byford added even if an INTERGRIS patient did not receive an extortion email, that doesn't mean their information is secure. Therefore, Byford advised that everyone in the family should take the aforementioned steps

Additional precautions include initiating the call to a provider when paying a bill, Byford said. If a call is received, offer to call back using a number one can verify. Byford recommended being extra careful about inquiries from unknown or suspicious sources as well. Finally, he said keep records and receipts for every transaction.

Yates added that it's unclear if the hackers obtained other types of patient information, such as patient records and treatment plans. This means there is a possibility of insurance and healthcare fraud.

INTEGRIS Health is posting updates on the data breach on its website.

Related Article: Hackers Claim They Stole Data Of More Than 2 Million INTEGRIS Health Patients