A hacker infiltrated an email belonging to an employee of the Boys Town National Research Hospital on May 23, 2018, stealing personal identifiable and healthcare information of over 100,000 patients and employees.

Stolen PII and PHI includes sensitive information: SSNs, dates of birth, heath insurance information, medical diagnosis or treatment information, disability codes, banking or financial account numbers, usernames and passwords and more. 

This data is most likely being circulated in the deep or dark web, putting child patients at risk throughout their adult life. While the hospital is promising to provide 12 months of free identity protection services, it's hard to know when or how the victims' data will be used. 

Children's PII, such as their social security numbers, are often used in synthetic ID fraud which now accounts for 80% of all credit card fraud losses, and nearly one-fifth of credit card charge-offs. These victims will need to monitor their identities closely from this point on. 

Circling back at the cause of this data breach, all this data exposed came from one employee's email. Companies need to become more proactive to protect their domain, customers and employees leveraging IDtheft solutions like the 4iQ Identity Threat Intelligence Platform.