I got a voicemail from the Kroger pharmacist who told me to call her back. It was definitely the Kroger pharmacy number because I’ve had to call it before, so that was not part of the scam.
However, some scammer who knew who my health insurance company was (I get it through my wife, which adds to the creepiness here) tried to get my personal health data from the Kroger pharmacy. They asked for personal info and the pharmacist said she wouldn’t give it to them but would have me call them back.
She told me all of this when I called her to find out what was up. She gave me the number and the first thing I did was look it up to see if it was legitimate because that just sounded off to me.
Sure enough, the first link that came up was a Facebook post (Why Facebook as the first link in the search? No idea.) warning about that number specifically scamming people by pretending to be my insurance company, followed by other links on other websites talking about it being a scammer source, and not just for health insurance scamming.
They’ve also somehow fucked with the SEO because in between those were legitimate links to my health insurance company, but that phone number is not on the pages.
I feel really bad for anyone who falls for this, because it was clearly just legitimate enough for the pharmacist to not suggest to me that I should be careful about being scammed. I know exactly who I talked to and she’s a cool lady, so I’m pretty sure she would have if she was sure enough.
Glad they helped you
Me too!
Someone emailed my boss a while back pretending to be me. Asked that my direct deposit be changed. Boss told me he nearly sent it to the accountant but decided he should double check with me first. People are assholes.
One of the best pieces of anti-scam advice I was ever given was to always call the number I knew was valid, like the one on my insurance card in this instance, and verify that way.
That’s part of HIPAA I believe
HIPAA is about disclosure of personal medical details, not about what phone numbers to call.
That’s not really correct. HIPAA is a set of requirements that governs everything that touches HIPAA protected data.
It’s also just a good policy in general. Anytime you receive a communication that’s prompting you to do something that you weren’t expecting to receive you should ignore any links, phone numbers, replies, etc. in that communication and instead reach out using a known good mechanism. Doing that one thing stops the overwhelming majority of scams in their tracks.
Report this to the authorities. The pharmacy should also report it and do an investigation.
The FBI would be happy to look into this. Chances are you are not the only victim.
That’s a good idea. Any idea who I should report it to specifically? Like is there a certain department I need to talk to?
I’d also hit up your state pharmacy board.
Your pharmacy did the right thing by not revealing information and calling you; other pharmacies likely aren’t that smart.
Good idea. Thanks.
Thank you!
Change Healthcare just announced data for 100 million people was stolen when they got breached back in Feb. They handle all kinds of pharmacy stuff so I imagine this will happen a lot here on out.
Scammers are crafty assholes.
Your health insurance information may have been leaked. There’s been a ton of data leaks as of recent and it’s not unlikely that a list of health insurance providers and their customers are on the dark web somewhere and this is where they got that information about you.
Worse about these data leaks is that a lot of the ones being announced happened months ago, so it’s likely we still have some leaks that haven’t yet made it to the news to let people know their information is out there.
Getting your health data from the pharmacy may have just been the next step in their plan of getting to you to trick you into giving up money, or somehow using your information to do something illegal.