CMS and WPS have notified nearly 947,000 Medicare beneficiaries of a data breach caused by a vulnerability in MOVEit software. Affected individuals are offered free credit monitoring and new Medicare ID cards.
Key Points
- Nearly 947,000 Medicare beneficiaries affected: CMS and Wisconsin Physicians Service Insurance (WPS) report potential exposure of sensitive personal information due to a security vulnerability.
- MOVEit software breach identified as the cause: The breach occurred through a vulnerability in MOVEit software, widely used by U.S. organizations.
- Credit monitoring and new Medicare cards offered: Affected individuals are provided with free credit monitoring services and will receive new Medicare ID cards if their information is compromised.
Full Article
The Centers for Medicare & Medicaid Services (CMS) and Wisconsin Physicians Service Insurance Corporation (WPS) have issued notifications to almost 947,000 Medicare beneficiaries whose personal and health information may have been compromised in a recent data breach. The incident stems from a vulnerability in MOVEit software, a third-party file transfer application developed by Progress Software, which WPS uses to manage Medicare claims for CMS.
CMS and WPS are among several organizations impacted by the MOVEit vulnerability, which was initially identified and patched in June 2023. Although an initial investigation found no evidence of unauthorized data access, new findings prompted a reevaluation, revealing that protected health information (PHI) and other sensitive details may have been accessed between May 27 and 31, 2023.
What Information Was Involved?
According to CMS, the data potentially exposed in the incident includes the following:
- Full names
- Social Security numbers or taxpayer identification numbers
- Dates of birth
- Mailing addresses
- Medicare Beneficiary Identifiers (MBI) and/or Health Insurance Claim Numbers
- Health service details such as hospital account numbers and service dates
Actions CMS and WPS Are Taking
To help protect affected individuals, CMS and WPS have arranged for free credit monitoring services through Experian. Additionally, those whose Medicare Beneficiary Identifiers may have been exposed will receive new Medicare ID cards. Affected individuals are advised to destroy old cards upon receiving their replacements and inform healthcare providers of their new information.
CMS continues to work closely with WPS, law enforcement agencies, and cybersecurity experts to address and mitigate the impact of the breach.
What You Can Do
CMS and WPS are encouraging affected individuals to take advantage of the resources provided, including the Experian credit monitoring and regular checks of their credit reports. They also recommend remaining vigilant by monitoring credit reports for any unusual activity and reporting it to authorities.
For assistance, affected beneficiaries can contact Experian’s response line at 833-931-5700. Additionally, general Medicare inquiries can be directed to 1-800-MEDICARE.
Conclusion
The CMS and WPS data breach highlights the importance of cybersecurity in protecting sensitive Medicare information. Senior Help and You is available to answer questions about Medicare and offer guidance on Medicare-related security incidents. Contact us at Senior Help and You for personalized support.
Key Takeaways
- Data protection: CMS is reinforcing protective measures, and beneficiaries are advised to remain vigilant with their credit monitoring.
- New Medicare ID cards: New Medicare ID cards will be provided to affected beneficiaries.
- Available support: Beneficiaries can use Experian’s services and contact CMS for assistance.
Sources:
Centers for Medicare & Medicaid Services (CMS). (2024, October 12). CMS notifies individuals potentially impacted by data breach. Retrieved from https://www.cms.gov
