Consumer Alert: A huge data breach is affecting patients across the Rochester area — here’s what you need to do

Many across the greater Rochester area got a disturbing letter in the mail Wednesday saying your health information was exposed to hackers. And many of our viewers reached out to us with questions.

They’re from the Greater Rochester Independent Practice Association or GRIPA. Every single viewer who contacted me said they had never done business with this organization, and they wanted me to investigate to see if it was a scam.

“There are so many scams that are going around, you don’t know which one is real and not real,” said Annie Marie Barnes, a Rochester resident who got the letter. “And so I called my daughter and she said, ‘Mom, don’t do anything. Find someone who can do some investigation without giving away any additional personal information that you may have.’ And that’s when I called channel 10.”

And that’s when I started digging. I learned that the GRIPA is a train conductor of sorts, coordinating a plethora of healthcare services for healthcare providers all across our area. So even though the folks who got these letters didn’t directly do business with the company, GRIPA had access to their information.

GRIPA was not compromised; a huge file transfer software company called MOVEit was hacked.  So 2,500 private businesses and government entities that use MOVEit software were compromised including GRIPA, the Pentagon, the Department of Justice, New York City Public Schools and hundreds more.

Barnes’ letter indicated her name, birthdate and health information were compromised, as was the case for most folks in our area.

“It made me real nervous because I know someone that I worked with years ago, and it’s taken until this day still that her identity has not been cleared,” said Barnes.

Do not ignore the letter.  Here’s Deanna’s Do List”

  • GRIPA is offering credit monitoring through a company called IDX.  Sign up at http://app.idx.us/account-creation/protect
  • Contact each of the three credit bureaus and place a fraud alert or freeze on your account.
  • Review your credit reports to make sure no one has already opened an account in your name.

This breach of MOVEit’s software happened in May, and the folks at GRIPA tell me they’ve seen no evidence that anyone’s information has been misused. But these thieves got a lot of information because so many public and private businesses across the country use MOVEit software.  Like any other breach, it’s important to be proactive. and take steps now before a thief uses your information.

Here’s contact information for all three credit bureaus:

Equifax online: https://www.equifax.com/personal/credit-report-services/credit-freeze/

  • By mail: Request your credit freeze by certified mail.
    • Use the following address:
      • Equifax Security Freeze
        P.O. Box 105788
        Atlanta, GA. 30348

Transunion online:  https://freeze.transunion.com/sf/securityFreeze/landingPage.jsp

  • By phone: 1-888-909-8872
  • By mail: Request your credit freeze by certified mail
    • Use the following address:
      • TransUnion LLC
        P.O. Box 2000
        Chester, PA 19016

Experian online: https://www.experian.com/ncaconline/freeze

  • By phone: 1-888-EXPERIAN (1-888-397-3742).
  • By mail: Request your credit freeze by certified mail.
    • Use the following address:
      • TransUnion LLC
        P.O. Box 2000
        Chester, PA 19016