Nearly 1M Medicare beneficiaries potentially affected after data breach

CMS is sending out letters to the over 946,800 potentially impacted individuals

Nearly 1 million Medicare beneficiaries are being warned that their personal information may have been compromised in a cybersecurity incident last year.

The Centers for Medicare & Medicaid Services (CMS) and Wisconsin Physicians Service Insurance Corporation (WPS), the contractor that utilized the affected MOVEit software, said last week that 946,801 people on Medicare were notified that they may have had "protected health information or other personally identifiable information" compromised.

Names, dates of birth, Social Security numbers, mailing addresses, Medicare Beneficiary Identifiers and certain other personal information may have been exposed, according to CMS.

A hand rests on a keyboard, with binary code displayed on a laptop screen.

Names, dates of birth, Social Security numbers, mailing addresses, Medicare Beneficiary Identifiers and certain other personal information may have been exposed. (Jakub Porzycki/NurPhoto via / Getty Images)

The federal agency said files with personal information were "compromised" between May 27 and 31 of last year during a cybersecurity incident involving the Progress Software-developed MOVEit file transfer system that WPS utilized.

WPS learned bad actors "copied files from WPS’s MOVEit file transfer system" during another review that occurred this summer related to the 2023 incident, CMS said.

HEALTH CARE INDUSTRY EXPERIENCING INCREASING ATTACKS BY CYBERCRIMINALS

"CMS and WPS are not aware of any reports of identity fraud or improper use of your Personal Information as a direct result of this incident, however, we are taking this opportunity to notify you so that, if you wish to do so, you can take advantage of the information and resources referenced in this notice," they said in a sample of the letter.

In the letter, CMS said beneficiaries' Medicare coverage was "not affected as a result of this incident." Still, it is providing them with a new Medicare number and card.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

Those who were potentially affected will receive free access to Experian credit monitoring for 12 months as part of CMS’ response to the incident.

"We take the privacy and security of your Medicare information very seriously," the CMS letter said. "CMS and WPS apologize for the inconvenience this incident might have caused you."

The MOVEit software developer resolved the issue with a software patch.

Hacker computer monitors

The federal agency said files with personal information were "compromised" between May 27 and 31 of last year. (  / iStock)

AT&T HACKER STEALS CALL, TEXT RECORDS OF ‘NEARLY ALL’ CUSTOMERS

A total of 67.4 million people have some form of Medicare.