Get leading IDX identity theft protection
This notice is from CPS Solutions, LLC (“CPS Solutions”), which helps support pharmacy operations, to inform you of a recent cybersecurity incident that may have affected your personal information. CPS Solutions works with certain hospitals and health care providers to help patients receive medications at a reduced cost or for free. You may have received services from one or more of these hospitals and/or providers.
As a vendor, CPS Solutions is posting this substitute notice link to provide customers and individuals with information about this incident. CPS Solutions has notified all affected customers and is working with them to coordinate providing notice on their behalf, as instructed by them. Not all CPS Solutions customers were affected.
What happened?
On December 4, 2024, CPS Solutions discovered that an unauthorized third party gained access to one CPS Solutions employee’s O365 business email account. Upon discovery, CPS Solutions immediately forced a password reset, disabled the email account, and took other appropriate steps to prevent further unauthorized access. The email account was secured that same day, and an investigation was launched to determine the potential scope and impact. Our findings indicate that an unauthorized third party was able to access and remove data from the account, which may have contained limited personal information, between December 2 to 4, 2024. This account is separate from CPS Solutions’ internal network and systems, which were not affected by this incident.
On January 24, 2025, CPS Solutions completed a comprehensive review which identified all customers and individuals potentially affected by this incident and to whom they belong. Based on the results of that review, we formally notified your health care provider regarding this incident on February 10, 2025. To date, we are not aware of any misuse of the data.
What information was involved?
The personal information involved may have included: (1) full name, date of birth, and address; (2) health insurance information (such as member/group ID number or Medicaid/Medicare number); and/or (3) medical information (such as medical record number or patient account number, clinical information, provider information, diagnosis or treatment information, or prescription information such as medication name). Not all data elements were involved for every potentially affected individual.
For the majority of potentially affected individuals, Social Security numbers were not impacted. Driver’s license numbers, credit and debit card information, bank account information, test results, images, and hospital medical records were also not involved in this incident.
What is CPS Solutions doing?
CPS Solutions takes privacy and security seriously. As soon as the incident was discovered, we took immediate action to mitigate and remediate the incident and to help prevent further unauthorized activity. In response to this incident, security controls and monitoring capabilities are being enhanced and systems are being hardened as appropriate to minimize similar incidents in the future.
What individuals can do:
We are offering patients of affected CPS Solutions customers two (2) years of free credit monitoring and identity protection services through IDX. Details of your complimentary membership are found in the Reference Guide along with instructions for registering for this service. The “Additional Resources” tab at the bottom of this page provides additional steps you may take to help monitor and protect your personal information. We also encourage you to carefully review statements sent from healthcare providers and insurance companies to ensure that all of your account activity is valid. Any questionable charges should be promptly reported to the provider or company with which you maintain the account.
For more information:
If you have any questions or would like additional information, please contact us toll free at 1-877-332-4437 between 8:00 AM to 8:00 PM CT, Monday through Friday, except holidays. You can also review the “Frequently Asked Questions” tab at the bottom of this page for more information.
We regret any concern this incident may cause you and want to assure you that we take this matter seriously. We are mailing letters to individuals whose information may have been involved in this event. Because we may not have addresses for everyone, we are posting this substitute notice on this website, as allowed by the Health Insurance Portability and Accountability Act (HIPAA). Each affected customer of CPS Solutions will determine, consistent with HIPAA, whether to post the link for this substitute notice on their own websites for their own patients to see. This substitute notice link provided by CPS Solutions will remain active for at least 90 days.
CPS Solutions is offering IDX identity theft protection services which helps protect your identity with:
Credit Monitoring
Credit monitoring (for adults) that alerts you to any changes to your credit report
CyberScan™
CyberScan will monitor criminal websites, chat rooms, and bulletin boards for illegal selling or trading of your personal information
ID Theft Insurance
Up to $1,000,000 in insurance reimbursements, covering certain expenses that you may incur in responding to an ID theft event
Dedicated Experts
Access to Fraud Resolution Representatives to resolve identity theft issues
On request, any of the three nationwide consumer credit reporting companies can place a free fraud alert in your file to alert potential creditors that you may be a victim of identity theft; a fraud alert can make it more difficult for someone to get credit in your name because it tells creditors to follow certain procedures to protect you.
A fraud alert will help prevent someone from opening new accounts in your name. As soon as one credit reporting bureau confirms your fraud alert, the others are automatically notified to place fraud alerts as well. All three bureaus will mail you a confirmation letter and you will be able to order complimentary credit reports for your review.
The easiest way to place an alert is by visiting www.transunion.com or https://fraud.transunion.com/fa/fraudAlert.
You will answer some questions to confirm your identity, and then a 90-day fraud alert will be added to your credit file. TransUnion will give you access to view your report online. You should examine it carefully for accuracy. TransUnion will also share this information with Equifax and Experian who will both mail you confirmation letters containing a number to call to order complimentary copies of your credit reports for review.
To contact one of the credit reporting bureaus, please see below:
Equifax: 1-800-525-6285
PO Box 740260
Atlanta, GA 30374
Experian: 1-888-397-3742
PO Box 9554
Allen, TX 75013
TransUnion: 1-800-680-7289
PO Box 2000
Chester, PA 19016
It is only necessary to contact one of these bureaus and use one of these methods.
You will not be charged for this service. Please note placing a fraud alert may delay your ability to open new lines of credit quickly.
Whether or not you choose to enroll in the IDX identity protection program, you can order a copy of your credit report, for free, once a year from each credit reporting bureau. You can obtain a free credit report by visiting www.annualcreditreport.com or by calling 1-877-322-8228.
When you receive any credit report, you should review it carefully. Look for accounts you did not open. Look for inquiries from creditors that you did not initiate. Look for personal information, such as home address, employment or Social Security numbers, that are not accurate. If you see anything you do not understand, call the credit reporting bureau at the telephone number on the report.
If your credit report indicates fraud or identity theft, call your local police or sheriff’s office and file a report of identity theft. Get a copy of the police report. You may need to give copies of the police report to creditors to clear up your records. If you suspect that you may be a victim of identity theft and you have enrolled in the IDX identity protection program, you should contact them immediately. You will be able to speak with a knowledgeable advocate about your situation and, if needed, they will open a case to resolve the identity theft on your behalf.
Should you wish to learn more about identity theft and how to protect yourself, you may contact the Federal Trade Commission at 1-877-438-4338. The FTC website, www.consumer.ftc.gov, also offers additional information on identity theft that you may find helpful.
The security freeze (or credit freeze) is an option best reserved for people who have experienced extreme identity theft. Because the freeze essentially locks down your credit, it is not a good option for people who are simply seeking extra protection for their credit. We feel that credit monitoring, fraud alerts, and victim restoration services are more than sufficient options for defense against identity theft.
A security freeze will not prevent you from enrolling in our services. You can certainly sign up with us and do not need to lift the freeze to do so. The reason for this is because we do not request your Social Security number to enroll—only name, address, phone, and email. None of these items would necessitate a credit inquiry. However, a security freeze will affect your ability to activate the monitoring portion of your membership. To activate the monitoring portion you will need to temporarily lift your security freeze.
To learn more about security freezes and relevant state laws, contact your State Attorney General’s office or visit the Federal Trade Commission’s website for credit freeze information.
Please note that you must have an established credit file and credit history to place a fraud alert, a credit freeze or utilize www.annualcreditreport.com.