What do Michigan regulators have to add on the heals of hackers robbing UnitedHealth of $22M + untold patient files?
DIFS Press Release sums it up.
Michigan Department of Insurance and Financial Services Offers Tips to Consumers Affected by a Data Breach
FOR IMMEDIATE RELEASE: March 4, 2024
(LANSING, MICH) National Consumer Protection Week 2024 is March 3-9, and the Michigan Department of Insurance and Financial Services (DIFS) is offering tips to consumers to help them safeguard their personal and financial information following recent national cybersecurity incidents impacting the insurance and financial services industries.
“If you receive a notice that your data may have been accessed in a cyber attack, be sure to update your passwords, set up multifactor authentication, and monitor your credit reports. Also, be skeptical of emails, texts, or calls offering free services or requesting you to sign-in or share personal information, as those can be attempts to gain additional information about you,” said DIFS Director Anita Fox. “Whether you have been affected by a data breach or you want to safeguard your accounts before a data breach occurs, taking steps to protect your personal and financial information is always a smart decision.”
Successful cyberattacks often occur because of a failure to follow well-established cybersecurity practices. Here are some steps consumers can take to protect themselves and their personal information both before and following a data breach:
- Don't access personal or financial information, such as financial accounts, online retail accounts, or medical records when using public Wi-Fi. Only connect to the internet over secure, password-protected networks.
- Password-protect all user accounts and devices that connect to the internet. Do not use the same password for multiple accounts. Use a passphrase consisting of random words, but avoid using common phrases, song lyrics, or movie quotes that are easy for a hacking program to guess. Longer passwords of at least 12 characters are harder to guess, but if the account doesn’t allow long passwords, use a mix of uppercase and lowercase letters, numbers, and symbols to make your password strong.
- Set up multifactor authentication, which offers extra security by requiring an additional step beyond entering a password to log into your account. Never share multifactor authentication codes or other verification codes you receive with anyone. Scammers will often attempt to get consumers to share these codes in order to gain access to financial and other accounts.
- Sign up for free credit monitoring offered by the company that experienced the data breach. You can also check your own credit report for accounts in your name that you did not open. Remember that there is only one website authorized to give you the free credit reports you are entitled to by law: AnnualCreditReport.com.
- Be on the lookout for phishing emails, where scammers send emails that appear to be from your insurer, financial institution, or other service provider in order to get you to click a link or provide your password or other personal information. If you are unsure if an email is legitimate, do not click any links and contact the company directly using the phone number on your statement or card to verify the request.
- Be aware of phone scams. Caller ID can be spoofed to make it appear that a call is coming from your insurer, financial institution, or other company. Legitimate companies will never call you and tell you they need to access your computer or personal information, nor will they ask you for your passwords or account access information. Hang up and call your insurer or financial institution directly using the number on your statement or card if you are unsure whether a call is legitimate.
DIFS is also taking steps to ensure sound cybersecurity practices in the industries it regulates as part of its mission to ensure safe and secure insurance and financial services for Michiganders. In 2021, the Department implemented data security requirements for licensed insurers, agents, and agencies under the Michigan Insurance Data Security Law, which requires insurance licensees to establish information security programs and notify DIFS of a cybersecurity event involving nonpublic information.
...
Sign Up for MHF Insights to keep up on the latest in Michigan Health Policy
