in Business Identity Theft, Data breach, Identity Theft

Is the letter I received from HMA Physicians Regional a scam?

urgentNormally I am telling you to ignore or disregard unsolicited letters you may receive in the mail as they have a high probability of being a scam.  Not today.  If you received a letter from HMA Physicians Regional LLC notifying you that your sensitive information was exposed through a data breach it is NOT a scam.  This letter is legit.   To see a copy of the letter click HMA notification letter  Yes, I too received a letter.

If you have received this letter then your information, along with my information, was exposed due to the data breach of Community Health Systems Professional Services Corporation (CHSPSC).  This company provides management, consulting and information services to Physician Regional clinics.  They also provide this service to hospitals and clinics nationwide.  In fact 4.5 million people had their information exposed due to the breach.

What was exposed?

The good news is that no credit card, medical or clinical information was taken.  This is even printed in bold in the letter.  However, what was taken was your name, date of birth, address and Social Security number.  Yes your Social Security number (SSN).  As a side note I love how they try to draw your attention away from the fact that you SSN was taken by stating IN BOLD that your credit card and medical information is safe.  Personally I would have preferred to have had my credit card and medical information taken instead of my SSN.  I mean really, what can a hacker due with my medical information that is worse than what they can do with my SSN?  Credit Cards?  Who cares!!  Federal law protects you from being financially responsible for fraudulent transactions in a credit card account.  But with my SSN they can do EVERYTHING.  Heck, they could even become me.  Someone needs to explain that to HMA Physicians Regional.  Enough of my rant, let’s get back to what you need to do if you received the letter.

What to do?

In an attempt to say “please forgive us” HMA Physicians Regional is offering victims identity theft protections services from Kroll for free for one year.  Yippee! Did you pick up on my hint of sarcasm?  What is being provided by Kroll is twelve months of credit monitoring of your TransUnion report ONLY.  This means that if the hack were to apply for a credit card or loan using your information and the creditor used Experian or Equifax to verify your credit you will NOT be notified.  The monitoring form Kroll will only notify you if there is activity on your TransUnion credit report.  Not all creditors report to all three credit bureaus.  If you were to ask me if you should buy this product I would tell you that you are wasting your money.  But in this case it is free so I say go ahead and sign up.  One thing that is still unclear is if victims will be given complete restoration assistance in the event they become a victim of identity theft.  On Kroll’s website they list identity theft restoration services as one of their included serves.  However, if you under their “Enhanced Restoration Service Exclusions” it states the following:

“Pre-existing Stolen Identity Event Limitations – Any circumstance wherein the Member had knowledge of, or reasonably should have had knowledge of a pre-existing stolen identity event based on information provided to them prior to enrollment in the program.”

“Stolen identity event”, what does that mean?  Again, the service is free for one year so I still say go ahead and sign up.  It is better than nothing.  Just know that it is not a complete identity theft protection service.  Think of it as instead of buying a new car you are getting a set of wheels for free.  They provide value but you won’t get very far without the rest of the car.

Summary

So in summary, if you receive a letter from HMA Physicians Regional LLC regarding a data breach the letter is legit.  Go ahead and sign up for the free,very limited, service.  As far as if your information will ever be used for identity theft no one knows for sure.  My information was exposed through a healthcare breach five years ago.  This is my second time dealing with a breach.  At least as far as I know.  Am I panicking?  No.  I take the mindset that my information IS on the black market and it can be purchased and used by anyone at anytime.  There is nothing I can do to stop it.  I can, however, continue to monitor my financial statements, review my credit reports and keep my eyes and ears open for anything suspicious.  If something just does not feel right I take action immediately.  Unfortunately data breaches are a consequence of the digital age.  Something we cannot control but something we must learn to identify and mitigate.