Your medical information is the hot new commodity in the cybercriminal market. After the Anthem breach revealed in February and believed to affect up to 80 million people and the more recent Premera breach, affecting about 11 million people, we should all be on guard.
Information stolen in these attacks include personally identifiable information, such as names, dates of birth, and Social Security numbers--things you can't change as easily as a password and which can be used by identity thieves to open accounts in your name. Even worse, if medical history gets stolen (which does not appear to be the case in these two incidents), criminals can use that information to blackmail you.
The Anthem breach was discovered in January and news broke in early February, but I just last week (mid-March) got a letter saying that my personal information was affected. Although the stolen information doesn't appear to have been used (yet) by the hackers, this kind of information can be used years from now. Anthem is offering free identity theft repair services for two years. The right thing for them to do, however, is offer it for a lifetime, since that's how long sensitive information can be used.
I previously mentioned seven things you can and should do after a breach, such as check your credit report and turn on two-factor authentication for all your accounts. There are two other options if you're especially concerned about identity theft: Set up a fraud alert or a credit freeze with the three main credit bureaus.
Fraud alert: When you place a fraud alert on your credit report with one of the bureaus, it will notify the other two bureaus to place fraud alerts on your credit file. This is basically like raising a red flag on your file so that new applications will be scrutinized more. However, Clark Howard notes that these are often ignored and you're better off doing a credit freeze.
Credit freeze: This prohibits a credit bureau from releasing information from your report without your written consent and it prevents new applications for credit. If you need to take out a new loan or get a new credit card, you can temporarily un-freeze (thaw?) your credit with a PIN only you know. Unlike the fraud alert, you have to do this with each bureau and the cost is up to $10 per freeze (and another to temporarily unfreeze or lift the freeze), depending on the bureau and your state. See Howard's article for more details.
You might want to get a credit freeze for any of your children affected by this breach as well. Only some states allow a parent or guardian to do that, however.
One more thing: Taxes. Usually I'm all for procrastinating on doing taxes until the deadline, but in this case, you might want to file as soon as possible. Armed with the kinds of personal information stolen in these incidents, identity thieves could file a fake return in your name and get your refund.