A hospital in Worcester, Massachusetts, disclosed an email hack of its employee email system, which may have exposed the personal information of thousands of patients. Earlier this month, UMass Memorial Health alerted patients who were affected by the hospital data breach.

In a notice to affected patients, the hospital disclosed that an unauthorized person accessed employee emails between June 2020 and January 2021 but was unable to say the level to which the emails were viewed. Only patients whose information was contained in the emails were affected.

The hospital data breach potentially affected more than 209,000 individuals, according to the U.S. Department of Health and Human Services. The exposed information included names, birth dates, medical records, insurance information, Social Security numbers and driver’s license numbers.

How to Protect Yourself After a Hospital Data Breach

When your information is exposed in a hospital data breach, you need to take steps to help protect your identity and personal accounts.

Monitor Your Credit

One of the most important ways to protect yourself is to monitor the information contained in your credit report. If your information is used to commit identity theft, it may show up on your credit report in the form of unauthorized credit inquiries, accounts you don’t recognize or late payments for accounts you never opened.

Credit and identity theft monitoring can take a lot of the guesswork out of watching your credit. You can receive notifications as soon as new activity shows up on your credit report and even when your personal information is listed for sale on the dark web. You can also get compensated for losses related to identity theft through identity theft insurance coverage.

Don’t Respond Directly to Information Requests

When you get an email, phone call or text asking for personal information, don’t immediately reply. These communications may be phishing attempts trying to trick you into providing information that helps bad guys get access to your personal accounts or steal your identity. If you’re unsure about a communication, reach out to the organization directly through official channels (like their website or phone line) to verify their request.

Use Strong Passwords

You need to use strong, unique passwords for every account you have. If you reuse the same password across every account, bad guys only need to figure out one password to gain access to everything. You can use a password manager to create strong passwords for every account. You can also enable multi-factor authentication for every account that offers the feature, giving you an additional layer of protection. Here are some password best practices for better security.