Should I use the identity theft service provided after the Blue Cross/Excellus hack?

I got a letter in the mail stating that I was one of the millions of people with Blue Cross / Excellus who had their medical records hacked. That included my address, phone number, social sec number, medical records, and who knows what.
Great. Now they are offering Identity Theft protection for 2 years by Kroll. After verifying this was not a scam, I went to the site and started the process. They want my name, address, email, phone number, security question, and then the info to protect , soc sec number, medical records, credit cards, email addresses, banking information, etc.
It occurs to me that I am giving someone a complete “Fullz” on me that some slimebag employee in the company can sell. How do I know their system won’t be hacked by insiders?
Let’s assume the Kroll monitoring service is perfectly secure and will work, but what happens in 2 years? Do they hold me hostage by strong-arming me into suggesting I continue with the “service” for a fee? I doubt my information will disappear.
So far I only gave them my email address and a phone number. Should I offer something else to “protect”?
Did anyone else get the same letter? Did you use the service? Should I use it? Am I being unreasonably paranoid?