Hello Lemmy, this is my first time posting instead of commenting so if this is the wrong place or I’m formatting this wrong feel free to let me know how to fix it.

One of my healthcare providers (US) has just alerted me I’ve been affected by a data breach (from February, so glad to see they took it seriously and alerted people quickly). The breach supposedly affects full name, address, DoB, and health information such as illnesses and medications. They have sent a 2-page information packet that gives recommendations such as calling the three creditors and a “free” 5-year subscription to an Experian credit monitoring service. Upon checking the website they want my full name, DoB, SSN, address, email, phone number, and I’m sure if they could my blood type and fingerprints.

What I would like to know is are these services they are providing me with “safe” for a threat model that involves keeping my information out of the hands of advertisers, bad actors and people who don’t need it? Do they already have this information and are just asking to verify who I am? I’d prefer not to have my identity stolen due to someone else’s computer having a security flaw. What’s my best course of action to preserve my privacy while not having my identity stolen?

Thanks for any help in advance.

  • OhVenus_Baby@lemmy.ml
    7 months ago

    Change all your important account passwords, enable encryption where you can at rest and e2ee in transit, and enable 2FA to send to a device you know is in your possession, like an SMS, to keep an eye out for failed logins and such.

    • Wave@lemmy.mlOP
      6 months ago

      Just out of curiosity, what would changing all of my important account logins achieve if the leak was a healthcare provider that doesn’t have anything other than my medical history and insurance card (I never sign up for “patient portals” and the like)? Not trying to go against what you’re saying, as I already do most of what you’re recommending there. In fact I actively avoid 2FA by SMS in favor of authentication apps (such as Aegis), and use a password manager to randomly generate all my logins.

      • OhVenus_Baby@lemmy.ml
        6 months ago

        If you’re using good 2FA auth. and generated passwords you’re probably OK. It wasn’t stated you had good measures in place. I was thinking more identity theft situation where someone could compromise your financials. If all they have is some medications, insurance, and basic info you really don’t have major concerns. Now if they have your DoB, Social Security, address, etc. then that’s where locking down all your accounts would be more appropriate. Your post sounded more severe than your reply here so that led me to believe it was more dire.