Native American Health Center
On November 19, 2023, the Native American Health Center (NAHC) experienced a significant data breach that may have compromised sensitive personal information of its patients. The breach was discovered when NAHC noticed unusual activity on their network and promptly disconnected all access to investigate further. A specialized third-party cybersecurity firm was engaged to conduct a comprehensive forensic investigation.
The investigation revealed that an unauthorized actor accessed some NAHC files. The review of these files identified that the following types of consumer information were potentially impacted:
- Name
- Date of birth
- Medical information
It is important to note that Social Security Numbers were not affected by this incident. The breach was disclosed to the California Attorney General's office, and the full disclosure can be found on the California Attorney General's website.
Native American Health Center's Response
In response to the data breach, NAHC took immediate and decisive actions to secure their systems and mitigate future risks. The steps taken include:
- Disconnecting all access to the network upon discovering the incident.
- Engaging a specialized third-party cybersecurity firm to secure the environment and conduct a forensic investigation.
- Replacing all hard drives in every workstation to enhance overall security.
- Continuing the use of multifactor authentication for all logins.
- Conducting annual HIPAA privacy and security risk assessments.
- Extending the deployment of a multifactor authentication system that will replace the use of passwords with the scan of a fingerprint or tap of a badge.
- Maintaining restricted access to IT department offices and server rooms.
- Ongoing monitoring and restricted access for buildings and sites equipped with key card access.
- Conducting annual reviews of policies, procedures, and employee training programs covering cybersecurity and HIPAA compliance.
Additionally, NAHC is offering affected individuals access to Single Bureau Credit Monitoring, Single Bureau Credit Report, and Single Bureau Credit Score services at no charge for twelve months. These services provide alerts when changes occur to your credit file and proactive fraud assistance through Cyberscout, a TransUnion company specializing in fraud assistance and remediation services.
Steps for Affected Individuals
If you believe you have been affected by this data breach, it is crucial to take the following steps to protect your personal information:
- Remain vigilant: Monitor your account statements and credit reports for any suspicious or unauthorized activity.
- Enroll in credit monitoring services: NAHC is providing free credit monitoring services. To enroll, visit and use the unique code provided in your notification letter. The deadline to enroll is September 4, 2024.
- Place fraud alerts: Contact the three major credit bureaus to place fraud alerts on your credit file. This will notify creditors to take extra steps to verify your identity before opening new accounts.
- Consider a security freeze: A security freeze can prevent credit, loans, and services from being approved in your name without your consent. Contact each consumer reporting agency to place a security freeze.
- Report any suspicious activity: If you suspect identity theft, file a police report and report the incident to the Federal Trade Commission (FTC) at .
For more information, you can contact NAHC's dedicated hotline at 1-833-543-2507, available Monday through Friday, from 8:00 a.m. to 8:00 p.m. Eastern Time.