Friday, October 26, 2012
Department of Health agrees to provide free credit monitoring to victims of clubhouse data breach
by Larry Geller
The Department of Health will provide one year’s free credit monitoring services to victims of the September 25 data breach, according to a phone call I received this afternoon.
As I wrote yesterday (Department of Health data breach places unfair burden on those most vulnerable, 10/25/2012), a data breach which may have compromised personal data of clients of DOH’s clubhouse system was announced only yesterday (October 25) even though the data breach took place exactly one month earlier.
Yesterday DOH’s spokesperson Janice Okubo was out of the office, but we spoke this morning on the phone. I asked why the time lag, and also if DOH planned to provide free credit monitoring services for those clients who were affected, along with assistance in obtaining the services.
Okubo’s reply (paraphrase) was that it took time because of HIPAA considerations (medical privacy), and because it was difficult to determine what data was accessed. I pointed out that identity thieves could do a lot of damage in a month’s time. With regard to DOH’s plans to assist the victims of the data breach, Okubo stated that current clients would be given “tip sheets” on protecting their credit, and she hoped that former clients would hear about it. I suggested that DOH owes them free credit monitoring and some assistance in obtaining it, and she said she would bring that up for discussion. I mentioned that UH students received credit monitoring services in settlement of a lawsuit over the repeated breaches at the university.
This afternoon I received a call with the news that DOH has agreed to provide free credit monitoring services for one year. Of course, the details still need to be worked out. Okubo mentioned that not all of the data included Social Security numbers, so not everyone would be in need of monitoring services.
I think it’s important to recognize that DOH is planning to do the right thing. Readers can help—if you know of anyone who has made use of DOH clubhouse services, it might be good to let them know what’s happening with the data breach and the soon-to-be-available monitoring services.