When somewhere that had all our information got compromised like that, they paid for identity protection services for us. I would bet the hospital is putting something together like that also, it's a pretty common defense when a system gets hacked, so the place that had the system won't get sued. Either wait and see what the hospital proposes to do to mitigate the possible risks of the hack, or if they don't do anything, write to them or call them, and ask what they will do to make sure your identity is safe. I would bet they are working on it.
Start calling lawyers. It's a HIPPA violation and the hospital is at fault. Which city are you in? Im in Seattle and know a few. Im in the medical field and the hospital has to notify you but they have lawyers and will protect themselves so they dont necessarily have your best interest in mind.
The same thing happened to me and my family an my bf family the hospital had been told someone got into their patient info and was blackmailing them. They sent everyone a website for free to do credit checks but nothing ever happened. Noone had their info messed with it was just a bluff
A lawyer would not take the case until you can show that you have been damaged. The hospital will be taking steps to be sure you aren't damaged. If some identity theft happens to you through this system breach at the hospital, only then would you want to call lawyers.