Nevada
Table of Contents
- Identity Theft Statistics
- Top Ten Report Categories
- Top Identity Theft Types
- Fraud & Other Reports by Metropolitan Area
- Nevada’s Recent Biggest Data Breaches
- What Should You Do if You Are in a Breach?
- Step-by-Step Process for Responding to a Data Breach
- Responsibilities of Companies that Have Been Breached
- Laws
- Resources
Cybersecurity threats are a high priority, considering they affect every area of life as daily life integrates with technology. Data breaches may occur as a result, either accidentally or intentionally, even though organizations are consistently briefed on the best ways to protect their information. Nevada ranked 18th in terms of the victims affected in 2023 and lost over $200 million to cyber threats the same year. Most data breaches in the state focus on email account hacking, denial of service attacks or ransomware, malware, and phishing, where possible. The targeted areas are medical, educational, and entertainment platforms.
Identity Theft Statistics
Reports
Reports
Losses
Top Ten Report Categories
Top Identity Theft Types
Nevada's Recent Biggest Data Breaches
Concentra Data Breach
Concentra, a Nevada-based medical transcription company, fell victim to a data breach incident that directly affected one of its contractors, PJ&A. Concentra indicated that it was not at fault, and lawsuits have since been leveled against PJ&A, citing negligence for not implementing the appropriate cybersecurity measures. Almost 4 million individuals were affected by the breach. The information compromised included birth dates, medical record details, admission diagnoses, and hospital account numbers. There was also a delay in issuing notification letters, hence the legal action. PJ&A has yet to indicate it will provide credit monitoring and identity protection.
Nevada School District Data Breach
In October 2023, Clark County School District became aware of a data breach that affected its email accounts. On discovering the nature of the event, the school district brought in a team of experts to investigate the incident. The investigation also found that the unauthorized party got limited information concerning students, employees, and parents. Information on 200,000 students was exposed, although the school district delayed notifying the affected individuals via mail. It did indicate some of the initiation of policies to secure its systems. Employees, for example, would lose the ability to forward emails to other addresses. Multifactor authentication would also be implemented on both shared and generic accounts.
Northern Nevada Medical Centre Data Breach
Northern Nevada Medical Centre experienced a data breach when its vendor, ESO, was infiltrated by ransomware. This occurred on September 28, 2023. Once they learned about the incident, ESO and the medical center began investigating it. ESO was also requested to issue notices to the individuals whose information was exposed during the breach. ESO then indicated that it had secured the deletion of all affected data and took steps to prevent it from being distributed. Some of the stolen information included phone numbers, names, addresses, and health insurance data.
Neurology Center of Nevada Data breach
In September 2022, the Neurology Center of Nevada indicated that it had experienced a data breach. The center first noticed the issue in July when specific systems on its network became inaccessible. The company alerted law enforcement agencies and restored access to these parts of its system before beginning a separate investigation. It also reviewed the information that was compromised and found that names, birth dates, addresses, Social Security, and health insurance information were exposed. The center also sent out notification letters to all who were affected due to the breach. These numbered some 11,700 individuals.
Nevada Health Centre Patient Data Breach
In December 2020, the Nevada Health Centre found that an unauthorized party illegally entered one employee's email account and accessed reports on patients. When the Health Centre discovered the breach, it initiated an investigation and utilized a third-party organization to assist in those efforts. The investigations revealed that the unauthorized party aimed to attain financial data concerning the organization rather than information concerning their patients. Up to date, though, there has not been any evidence to suggest that patient information found was for identity theft. That said, some information types exposed included names, telephone numbers, gender, race information, insurance details, and other clinical records. Nevada Health Centres indicated it was expanding the information protection and security processes to safeguard its privacy.
What Should You Do if You Are in a Breach?
Unfortunately, data breaches are pretty common now, considering our online connections and dependence on digital service delivery. Criminals work in the shadows to steal your personal information, so sometimes, it's only when you notice certain signs that ongoing fraud becomes apparent. These danger signs apply to both individuals and businesses.
Unfamiliar
Credit Card Charges
If you find unauthorized transactions on your credit card, there is a significant possibility your phone number, email address, or card number has been compromised.
Calls from
Debt Collectors
Phone calls or letters from collection agencies seeking debt payment for a loan you do not remember taking are also signs of identity theft.
New Credit Cards
or Loans in Your Name
A new line of credit in your name or a loan taken is a warning sign you are a victim of identity theft.
Surprise Credit
Score Drops
Sudden credit drops with no obvious cause are a sign of suspicious activities.
Unusual Activity on Your
Social Security Account
The federal government also considers social security numbers personal identifiers, so check your social security statement regularly to ensure no one has access to benefits without consent.
Inability to
Sign-in to Accounts
If you are locked out of the account, it is usually because someone has hacked into it and changed the password. You should immediately try all possible recovery options and contact customer support if all fails.
Step-by-Step Process for Responding to a Data Breach
Contact Local Law Enforcement
As an individual or a business, report the incident to the police and file a police report.
Assess and Secure Compromised Areas
Identify which aspects of your information have been affected, such as emails, passwords, credit card numbers, social security numbers, full names, and phone numbers.
Contain the Breach
Isolate the affected system to prevent further damage.
Create New, Strong Passwords for All Accounts
This may involve changing usernames and passwords for compromised platforms, using strong passwords with a mix of upper and lower-case letters, digits, and special characters.
Notify Affected Institutions
Inform your bank, credit card companies, and other affected institutions. Request they close or freeze any accounts that may be implicated in the breach to reduce financial risk.
Update Security on Digital Accounts
Change passwords for all accounts affected by the breach. Make sure each password is totally unique, and you use two-factor verification as an additional layer of security.
Check for Malware
Examine your computers and mobile devices for installed malware. Install robust antivirus software to detect and remove any viruses or malicious software.
Freeze Your Credit
In cases of identity theft, contact all credit bureaus to freeze your credit.
Monitor Your Mail and Credit Reports
Keep an eye out for any unauthorized changes in your mail.
Engage Legal Assistance When Applicable
If you are a business, consider hiring a law firm experienced in handling data breaches.
Responsibilities of Companies that Have Been Breached
According to state regulations, businesses must notify all residents of a data breach if they assess that personal information has been compromised. The modes of data breach notification in Nevada are written and electronic notices. Substitute notice may be provided if the expenses of notifying individuals are more than $250,000 or more than 500,000 people have been affected by the breach. Notifications should also be issued to consumer reporting agencies if over 1,000 residents have to be alerted because of the incident. This notice would have to contain information on timing, distribution of the notification, and context.
Though Nevada state law does not have particular mandates for the notice content, it should have details like a description of the breach, the business's name, types of personal information exposed, and mitigation steps taken to safeguard personal information.
Substitute notices may also be provided if the organization does not have everyone's current contact details. If so, the entity may notify individuals via a widespread email. It can also do so by posting a conspicuous message on the website or to statewide media outlets.
If the Nevada attorney general's office has reason to believe that a business violates the notification laws, it can implement a legal action. Businesses that knowingly fail to do security breach notices can also get a fine of $5,000 for each failure to issue notice.
Laws
- CHAPTER 603A - security and privacy of personal information deals with definitions and requirements for businesses. That is the obligation of all companies when information security is breached, and penalties if they fail to abide by these regulations.
- Nevada Revised Statutes 603A requires that operators of websites and data collectors notify state residents when they have experienced a data breach. Operators and data collectors can also issue notices to the offices of the attorney general.