Nearly a million Medicare beneficiaries face potential identity theft due to a recent data breach.
At a Glance
- Almost 900,000 Medicare beneficiaries were notified about the potential data breach.
- Information compromised includes Social Security numbers and medical records.
- The breach was tied to a vulnerability in the MOVEit software by Progress Software.
- Authorities advise monitoring accounts and adopting protective measures.
Details of the Breach
On July 8, 2024, authorities discovered a data breach affecting nearly 900,000 Americans enrolled in Medicare. The Centers for Medicare & Medicaid Services (CMS) and Wisconsin Physicians Service Insurance Corporation (WPS) have started notifying individuals about the compromise of their protected health information (PHI) and personally identifiable information (PII).
The breach has been linked to a vulnerability in the MOVEit software developed by Progress Software. This software is used by WPS for file transfers. Despite a patch being released and applied in early June 2023, unauthorized third parties managed to copy files before the patch was implemented. This breach has placed sensitive data such as Social Security numbers, dates of birth, and medical records at risk.
Sensitive data, including personal and health information, was exposed in a cyber incident against MediSecure. Learn about the #DataBreach here: https://t.co/tJwA33OmVY 📸 Unsplash #Healthcare #DataSecurity
— SECURITY Magazine (@securitymag) July 25, 2024
Affected Individuals and Measures
Written notifications are being sent to approximately 946,801 current Medicare beneficiaries whose information may have been compromised. For those with outdated or insufficient contact information, a substitute notice will be posted. While there have been no reports of identity fraud or misuse of the data so far, individuals are urged to monitor their accounts for suspicious activity.
“The sensitive personal and health information of approximately 612,000 Medicare beneficiaries was exposed as part of the MoveIT transfer service breaches, according to the CMS,” reports Cybersecurity Dive.
Affected individuals are being offered 12 months of free credit monitoring services from Experian. They are also advised to obtain free credit reports and monitor for any unusual activities. CMS plans to issue new Medicare cards with new numbers to individuals whose data has been compromised.
Nearly 1 Million Social Security Numbers Exposed in Medicare Data Breach
A data breach at a Medicare contractor may have compromised sensitive information, including Social Security numbers, of nearly 1 million beneficiaries.https://t.co/2HFaux3TA8
— The Epoch Times (@EpochTimes) September 7, 2024
Broader Implications and Response
This breach is part of a larger incident involving over 500 organizations and exposing the data of almost 37 million people. The Russian ransomware gang Clop is attributed to the security compromise. This incident underscores the ongoing challenges in healthcare data protection, emphasizing the urgent need for better security protocols.
In response, CMS and WPS are investigating the breach in coordination with law enforcement and cybersecurity consultants. They are committed to ensuring the privacy and security of Medicare information moving forward.
Sources:
- CMS Notifies Individuals Potentially Impacted by Data Breach
- 900,000 Americans on Medicare Warned of Data Breach
- Medicare beneficiaries alerted to contractor data breach
- MoveIT breach exposes data of 612K Medicare beneficiaries, CMS says
- CMS Responding to Data Breach at Contractor
- Data Breach Exposes Personal Information of 612K Medicare Recipients
- Nearly 1 million Wisconsin Medicare users had information leaked in MOVEit breach
- Medicare Data Exposed in Data Breach at Boston Consulting Firm
- Medicare Data Breach 2024: What You Need to Know