Threat · Other

Fake Ascension / CommonSpirit 2026 HHS OCR breach-notification lure offering credit-monitoring enrollment ("Free credit monitoring / identity protection — enroll within 30 days to claim your benefit") that harvests SSN, DOB, and insurance-beneficiary IDs from patients of the affected health systems. After the 2024 Change Healthcare breach, both Ascension and CommonSpirit filed multi-million-patient HHS OCR breach notifications, lending the lure massive credibility. Real breach-monitoring enrollment goes through legitimate identity-protection vendors (IDX, Experian, Kroll) with a postal letter and enrollment code, never via an inbound email link requesting personal information. Source: GC1 R7 multi-agent council top-5 (S2 healthcare specialist).

ascension-commonspirit-2026-breach-notice-lure

What this tier means

High-confidence threat indicator — phishing, impersonation, BEC, or scam pattern. Strong contributor to the trash decision.

How Gorganizer detects this

Fake Ascension / CommonSpirit 2026 HHS OCR breach-notification lure that targets patients of the affected hospital systems with a "free credit monitoring / identity protection — enroll within 30 days to claim your benefit" pretext. After the 2024 Change Healthcare breach (the largest healthcare data breach in US history at ~190M affected individuals), both Ascension (Catholic non-profit, ~140 hospitals across 19 states) and CommonSpirit (formerly Catholic Health Initiatives + Dignity Health, ~140 hospitals across 21 states) filed multi-million-patient HHS OCR breach notifications in 2024-2026. That created a large, recently engaged target population primed to expect "your health data was exposed, here's your free monitoring" emails.

The 2026 lure variants harvest SSN, DOB, Medicare beneficiary IDs, insurance member IDs, and bank-account information through fake enrollment forms designed to look like IDX, Experian, or Kroll identity-protection portals. Real breach-monitoring enrollment is delivered through legitimate identity-protection vendors (IDX, Experian, Kroll) with a postal letter and enrollment code mailed to the patient's address of record from the breach disclosure; the patient never receives an inbound email link that requests personal information for first-time enrollment. Victims face a full identity-theft cascade (synthetic-identity creation, medical-billing fraud, tax-refund redirect), plus the dignity loss of being exploited a second time after the original breach.

The signal fires when the body references Ascension / CommonSpirit / HHS OCR / breach notification / credit monitoring / identity protection AND contains enroll / activate / claim with the corresponding free-monitoring / free-protection / free-identity object, or action-required urgency. It excludes hhs.gov, ascension.org, commonspirit.org, idx.us, experian.com, kroll.com, and the broader .gov umbrella. It is auto-classified as danger via the `-lure` suffix.
Source: GC1 R7 multi-agent council top-5 (S2 healthcare specialist).
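
The firing condition and exclusion list described above, sketched as an added Python example (not Gorganizer's own code). The regexes, the 100-character proximity window, and the names `lure_signal` and `sender_excluded` are assumptions made for illustration, and the sample messages are constructed.

```python
import re

# Assumed patterns reconstructed from the rule text; not Gorganizer's own.
TOPIC = re.compile(r"\b(?:ascension|commonspirit|hhs[\s-]?ocr|"
                   r"breach notification|credit monitoring|"
                   r"identity protection)\b", re.I)
VERB = r"\b(?:enroll|activate|claim)\w*"
FREE_OBJ = r"\bfree[\s-]+(?:credit[\s-]+)?(?:monitoring|protection|identity)"
# Verb and free-* object within 100 characters of each other, in either order.
ACTION = re.compile(
    rf"{VERB}.{{0,100}}?{FREE_OBJ}|{FREE_OBJ}.{{0,100}}?{VERB}", re.I | re.S)
URGENCY = re.compile(r"\baction[\s-]+required\b", re.I)
# Exclusion list exactly as given in the rule description.
EXCLUDED = ("hhs.gov", "ascension.org", "commonspirit.org",
            "idx.us", "experian.com", "kroll.com")


def sender_excluded(domain: str) -> bool:
    """True for an excluded domain, its subdomains, or anything under .gov."""
    d = domain.lower().rstrip(".")
    if d == "gov" or d.endswith(".gov"):
        return True
    # Compare on a label boundary so look-alike names such as
    # "experian.com.benefits.example" do not inherit the exclusion.
    return any(d == e or d.endswith("." + e) for e in EXCLUDED)


def lure_signal(sender_domain: str, body: str) -> bool:
    """Topic reference AND (verb + free-* object OR action-required urgency)."""
    if sender_excluded(sender_domain):
        return False
    if not TOPIC.search(body):
        return False
    return bool(ACTION.search(body) or URGENCY.search(body))


# Constructed sample messages (not real traffic).
LURE = ("Ascension breach notification: free credit monitoring is available. "
        "Enroll within 30 days to claim your benefit.")
NEWS = "CommonSpirit filed a breach notification with HHS OCR last year."

if __name__ == "__main__":
    for dom in ("benefits.example", "experian.com.benefits.example",
                "mail.experian.com"):
        print(dom, lure_signal(dom, LURE))
```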

False-positive guard

Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a threat-tier signal — it adds a strong contribution to the trash score. The full pipeline still requires convergence across multiple modules + a margin over the safety floor before deletion happens, and Gmail's trash (30-day recovery) is always used — never permanent delete.

About the scoring engine

Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.

Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.
