Banner

News

Article

CMS announces data breach affected about 612,000 beneficiaries

Author(s):

Richard Payerchin

Hack involved information transfer software used by contractor.

cms computer image: © Timon - stock.adobe.com

© Timon - stock.adobe.com

A May data breach at a contractor may have affected about 612,000 Medicare beneficiaries.

The U.S. Department of Health and Human Services (HHS) and the U.S. Centers for Medicare & Medicaid Services (CMS) announced the hack did not affect their computer systems. But beneficiaries whose personally identifiable information (PII) or protected health information (PHI) will get free credit monitoring for two years.

The data breach involved the MOVEit computer application, developed by Progress Software Corp. to transfer data.

Contractor Maximus Federal Services Inc. was using the app when on May 30, 2023, the company “detected unusual activity” in the program. Maximus stopped using it the next day as Progress Software Corp. “announced that a vulnerability in its MOVEit software had allowed an unauthorized party to gain access to files across many organizations in both the government and private sectors,” said a notification letter sent to Medicare beneficiaries. CMS published the letter online.

On June 2, Maximus notified CMS of the incident and has since applied software security pateches. It appeared hackers obtained copies of files that were saved in the Maximus MOVEit program. Information may include:

  • Name
  • Social Security number or individual taxpayer identification number
  • Date of birth
  • Mailing address
  • Telephone number, fax number, and email address
  • Medicare beneficiary identifier (MBI) or health insurance claim number (HICN)
  • Driver’s license number and state identification number
  • Medical history or notes, including medical record/account numbers, conditions, diagnoses, dates of service, images, and treatments
  • Healthcare provider and prescription information
  • Health insurance claims and policy or subscriber information
  • Health benefits and enrollment information

Maximus is offering free two-year subscriptions to credit monitoring service Experian. CMS advised beneficiaries to obtain credit reports by calling 1-877-322-8228 or through annualcreditreport.com.

Beneficiaries may continue using their existing Medicare cards until new ones arrive by mail. Beneficiaries should destroy their old cards and inform providers of their new Medicare numbers.

Related Videos
Jay W. Lee, MD, MPH, FAAFP headshot | © American Association of Family Practitioners
Related Content
© LIGHTFIELD STUDIOS - stock.adobe.com
November 22nd 2024

Updated guidelines for CPR following drowning; former state senator defrauds HRSA to pay for wedding; first hangover treatment – Morning Medical Update

Ep 44: Noncompete clauses with Emma Schuering, JD
November 18th 2024

Ep 44: Noncompete clauses with Emma Schuering, JD

Health care costs on the rise: © darren415 - stock.adobe.com
November 21st 2024

Global medical costs to increase by double digits for third straight year, survey finds

Ep 43: The physician's guide to running for office
November 4th 2024

Ep 43: The physician's guide to running for office

Medicare fraud trial ©MaksymYamilianov - stock.adobe.com
November 21st 2024

Dallas jury finds practice liable for Medicare fraud that could result in more than $300 million in penalties

© fizkes - stock.adobe.com
November 21st 2024

70% of Americans want primary care providers to address mental health