Tuesday, November 21, 2023

Data breach.

 We received a letter from the hospital letting us know that there has been a data breach. They detailed the actions they took. 

They also went on to detail action that we can take to protect ourselves. They provided us with the name and telephone number of IdentityDefense, and enclosed information touting the protection and services provided by this company. 

I checked into this company. Their services start at $29.99 a month. Nowhere is that information listed in the 3-page letter from the hospital. 

Not to stereotype or anything, but we have an older population here. I find myself wondering how many of them will feel as if they need to get the additional protection because they are in danger? I find myself also wondering how many people are going to take this letter as a recommendation from our local/trusted hospital? 

Mostly I wonder what sort of a kick-back the hospital gets from IdentityDefense for putting their name out into the community. 

In my mind, it is shameless exploitation and really undermines their attempt to present themselves as a patient/service oriented facility. What say you?

LATE EDIT: I called the hospital this morning and got the switchboard. When I tried to ask my question, I was interrupted. "Yes, we had a data breach in September." 

I said, "Well, yes, but..." 

She interrupted me once more to tell me what they had done on their end. 

I said, "Right. I understand that, but that's not even my question. I mean, I worked phones for many years, and really, not trying to be critical here, but you should at least listen to the question before you try to answer it." 

She asked me what my question was, so I asked about IdentityDefense. "Is this something covered by the hospital or is that something we pay for?" 

She said quickly, "I don't believe the hospital would cover that...." 

I pointed out that when UPMC had a data breach, they did cover those costs for their clients for a year. (Thanks for that, Doug!) 

"Oh, really?" 

I suggested that since she wasn't sure, perhaps she could direct me to someone who might be able to answer that question.

She gave me a number. I called, left a message, and haven't heard anything. 

From my reading last night on the FTC website, advice can (and should) be offered linking concerned customers to government websites. How to get their free (once a year) credit reports from Experian and Equifax and TransUnion. Where and how to spot and report unauthorized activity, things like that. That seems reasonable. What doesn't is touting one private company out of many private companies that provide this service. That is what strikes me as unethical, unless they are paying this company to provide the service to possibly affected customers. 

Stay tuned. 

LATE LATE EDIT: You folks who pointed out that they are required to pay for it were 100% correct. We get one year of coverage on them. This was not stated in the letter at all. I think the hope is that they have met the letter of the law by providing the letter. By not disclosing the service is free to us due to the breach, they are probably hoping to minimize the number of people taking them up on the offer. It is interesting that the operator at the hospital was sure it was not paid by the hospital. The person she referred me to did not know. It took a third call to a line set up for the data breach. 

32 comments:

  1. I find myself thinking the same thoughts you've had and shake my head in disgust that the hospital failed to include a blurb that a fee would be charged by Identity Defense for their services. 3-pages of information and the hospital couldn't include even a sentence about Identity Defense & their fees???
    At the end of the day, unfortunately, the majority of hospitals are for-profit businesses and their priority is their bottom-line.

  2. In my mind this sounds like a scam.

  3. It was a breach by the hospital. It took insufficient care with clients' data. The hospital should pay Identity Defense for all those whose data was breached. It could get a huge discount for a bulk deal.

  4. I'm with Andrew, when my former employer (UPMC Healthcare) had a big data breach, our company paid for 1 year of ID protection for anyone who requested it. It sort of backfired though, as the ID company auto-enrolled everyone who used their services for a year and attempted to bill people (me included) the following year. Even the scam protectors are scammers.

    Replies
    1. Do you happen to remember what the name of the agency was?

    2. I don't, I'm sorry. I asked my friend Danielle who still works there, she said she can ask around after the holiday.

  5. Sounds like a scam. Are you sure the letter is legit?

  6. It was sent from our hospital. At least it purported to be from our hospital.

  7. Every time that's happened to me (and it's been much too frequently), the leaky org has offered a year FREE of extra protection from a monitoring site. I've never been charged. After the year, I might have been offered the choice to continue for a price, which I've always declined.

    Replies
    1. This is interesting. I will call the hospital tomorrow to find out what is happening here. If you all are correct, I will come back and edit this post.

  8. We have to be so vigilant these days - too many conmen out to part us from our hard-earned cash.

  9. The breaches I've heard about offer a free year of protection. But I don't want to work with a company that works with a company that made a mistake! If I wanted to pay for protection, I'd get it on my own from another source. Linda in Kansas

  10. Businesses used to pay the mafia for protection

  11. My reading of the tea leaves is that the hospital is probably not getting a kickback. They are merely doing so to prevent an expensive lawsuit should one of their patients get severely harmed financially as a result of their negligence. They can then point and say that patient X never signed up for the identity protection service they advocated for.

    Personally, I have just assumed mine, and every other single person's, social security number has been available on the dark web for many years. I long ago froze all my credit so that nobody can open accounts using my social security number. In the ten years since I did that, I have only unfrozen one of them once and that was to apply for a new credit card. But with internet access, that process only took a few minutes and then my credit was frozen again and will remain that way forever unless I ever need a different credit card.

    Replies
    1. That's a good point, Ed -- the notification probably protects the hospital from liability.

    2. Selecting one company to tout as opposed to say, a collection of companies...that's the thing that strikes me as unethical, unless of course they are paying the company to provide the service.

    3. Ps: Ed? How do you go about freezing your credit?

    4. Never mind. I just read about it. Thanks for the tip!

  12. As well as hackers breaking in, there is also the big business of selling on data. You are right to question. Proceed with care.

  13. Hmmmm...it does seem odd. Any chance the letter really isn't from the hospital? Then again, my brother bought Life Lock, which is a similar service, so some people do feel the need to invest in data protection.

  14. Equifax had a breach a couple of years ago. As a result, I was given 3 years of free credit monitoring. I get an email about once a month enumerating things they find.

  15. I forget which data breach it was, but I was given four YEARS of Experian monitoring for free. For you to have to pay for identity theft protection is just stupid, the hospital fell down on their job. I don't know how much Experian costs, but it's a major player in the security market.

  16. Feels like a scam to me. Here's a review of Identity Defense. https://www.consumersadvocate.org/id-theft-protection/c/identity-defense-identity-theft-protection-review

  17. Replies
    1. I am not a god in the cyber world like some folks🤓 (*cough* Tasker....) I am cautious because I am dumb😣. I have also been burnt. 🔥

  18. I admire you for making all those calls to get a straight answer! I’ve done something like that in the past, and it's not very enjoyable 🙄 Wishing you and your family a very Happy Thanksgiving! 🍁 xo, Ricki

    Replies
    1. I don't really have a horse in this race. I was just so curious about it all. It didn't frustrate me at all. I learned a lot. Mostly, I learned that I can freeze my own credit, which is fascinating. (Thanks, Ed!) We do not borrow money, and so this is a no-brainer for us.

