Is Change Healthcare Data breach a scam?

Mark2024

Recycles dryer sheets
Joined
Jul 8, 2023
Messages
122
We received a letter from Change healthcare (CHC) telling us there was major data breach. All our personal information including SSN and driver's license have been taken by the bad guys.

It happens that I have been getting calls from a phone company saying I applied for a phone number. And that phone # has been involved in some unlawful activities.

Putting two things together, I am thinking someone has been using my identity. So I went back to the letter from CHC. There is a number to call to set up identity theft protection services - IDX. I called and they let me set up an account but I need to put all my personal information into that account. I stopped right there.

Is this CHC data breach a real thing? Is IDX a real company? Could this be a complete scam for me to upload all my information into this fake service? Who could you trust?
 
I also received the letter and could not tell if it was a scam or not.
That Change Healthcare was hacked is not a scam but is the letter we received actually from CH and legit.
The letter was poorly worded. Almost juvenile.
 
These monitoring services are a bit scammy to my mind. They may be "legit" in that they don't break any laws, but I question whether they add any value.

You can monitor, and even freeze, your credit yourself. Those services seem more interested in selling you upgrades to the "free" plan than anything else. They send weekly scare e-mails saying things like "There's been activity on your account, check now!" When you open the e-mail it's full of ads for their other services, and the "activity" is something routine, not identity theft.

I think by now it's best to assume that all of our personal information has already been published on the dark web.
 
I got the letter, as did DW. I tossed it. I froze our credit years ago and so monitoring doesn't have any effect.
 
I got the letter, as did DW. I tossed it. I froze our credit years ago and so monitoring doesn't have any effect.
How do you freeze your credit? Do you just call the three credit companies? I am now so afraid of giving my SSN on a phone call.
 
All of the credit bureaus have a web method for freezing. Just don't lose the unlock passwords... write things down and print things out... you'll need to have that stuff to do temporary thaws when you want a new credit card or something.

If YOU initiate the call, and you're certain of who you are calling, then they already have your SSN, past addresses, and lots more. Don't worry about that.
 
Found this website. You could put in your name and birth year, It will show what information is available on line. I was totally surprised to see address and phone # of 40 years ago. Many have our SSN too. It is SCARY!!!

https://pentester.com/

 
All of the credit bureaus have a web method for freezing. Just don't lose the unlock passwords... write things down and print things out... you'll need to have that stuff to do temporary thaws when you want a new credit card or something.

If YOU initiate the call, and you're certain of who you are calling, then they already have your SSN, past addresses, and lots more. Don't worry about that.
Thank you. We need to do that.
 
I got the letter, as did DW. I tossed it. I froze our credit years ago and so monitoring doesn't have any effect.
Your health insurance and medical records have tons of sensitive info - and there's no way for consumers to freeze or control those unfortunately.

So just keep an eye out- that's a huge target and those records are seen by thousands of people across doctor's offices, hospitals, insurers and third party administrators - many of whom probably aren't vetted that closely.
 
^ Right, nothing can be done about health info that's been leaked.

But I'm not sure anyone really cares too much about a person's medical history, though. I could be uninformed about it, but besides the legit doctors, my wife, mom, and kids, I don't think anyone in the world would even read my records if presented to them on a silver platter. I guess if I was famous and some rag could make money exposing something embarrassing, maybe. Or maybe psychologist's notes might be embarrassing. But I don't go to a psychologist.

Maybe if I was going to have to join the work force, if I had a medical condition that would be a negative, I wouldn't want my prospective employer to know. But for businesses there's probably a rule against using that kind of info, especially if the info is procured illegally.
 
I thought I'd read that the biggest use of medical records is for Medicare fraud and the like. There's also targeted advertising.
 
These monitoring services are a bit scammy to my mind. They may be "legit" in that they don't break any laws, but I question whether they add any value.

You can monitor, and even freeze, your credit yourself. Those services seem more interested in selling you upgrades to the "free" plan than anything else. They send weekly scare e-mails saying things like "There's been activity on your account, check now!" When you open the e-mail it's full of ads for their other services, and the "activity" is something routine, not identity theft.

I think by now it's best to assume that all of our personal information has already been published on the dark web.
I got free "MyIDCare" monitoring due to the 2015 OPM data breach, and it's not bad. It sent me emails when I applied for new credit, it has sex offender monitoring....nothing I'd pay for, but a modicum of added value, maybe.
 
I thought I'd read that the biggest use of medical records is for Medicare fraud and the like. There's also targeted advertising.
Thanks for pointing out those. I guess some scammy doctor could submit claims for services not rendered. I bet they wouldn't send me a bill for the $20 copay, hehehe. I'll say, though, as a new Medicare user, the paperwork is voluminous and even though I've taken the time to understand it, I doubt many people take the time. Especially if they have supplemental coverage and they don't need to pay for anything.

Targeted marketing could be pretty sinister...if your records show MCI or Alzheimer's, the true bad guys could target you for exploitation. Less of a concern would be having embarrassing fliers for diapers if your records indicated incontinence :)
 
Back
Top Bottom