Description: In June, two major breaches compromised over 13 million patient records. Now, a newly confirmed Medicare data breach has affected more than 100,000 Americans. Hackers accessed sensitive data linked to Medicare.gov accounts, including full names, dates of birth, ZIP codes, Medicare Beneficiary Identifiers (MBIs), Medicare coverage details, home addresses, provider and diagnosis codes, services received, and plan premium details. CMS has deactivated all affected accounts and is mailing new Medicare cards to the estimated 103,000 individuals affected. No confirmed identity theft cases have been reported yet.

Description: CMS, in collaboration with its contractor WPS, is addressing a breach where private health information may have been exposed due to a vulnerability in MOVEit software used for Medicare administrative tasks. The incident exposed personal data of Medicare beneficiaries and additional PII for CMS audits. The breach, discovered between May 27 and May 31, 2023, affected approximately 946,801 individuals, leading to notifications being sent to those impacted.

Description: CMS, along with WPS, is alerting individuals about a potential compromise of protected health information due to a security vulnerability within the MOVEit software. This third-party application's flaw permitted unauthorized access to personal data of Medicare beneficiaries and PII related to CMS healthcare provider audits between May 27 and May 31, 2023. About 946,801 Medicare recipients are being notified of the incident that involves the breach of sensitive data. The breach was brought to CMS's attention on July 8, potentially affecting the privacy of a substantial number of people.

Description: In a security incident revealed by CMS and their contractor WPS, personally identifiable information (PII) of Medicare beneficiaries and others may have been compromised due to a vulnerability exploited in the MOVEit software. Information related to the management of Medicare claims and CMS healthcare provider audits was potentially accessed without authorization. This incident, affecting 946,801 individuals, was discovered to have occurred between May 27 and May 31, 2023, leading to a large-scale notification effort.

Description: CMS, alongside WPS, is alerting individuals to a breach stemming from a vulnerability in MOVEit software. This incident, detected on July 8, compromised PII of Medicare beneficiaries and others, potentially impacting 946,801 people. The data breach involved information used in Medicare claim management and CMS audits. Personal information was exposed during the unauthorized access that occurred between May 27 and May 31, 2023.

Description: On September 6, CMS announced a data breach notification stemming from a security vulnerability in MOVEit, a file transfer application by Progress Software, used by the contractor WPS. This breach potentially affected the sensitive data of around 946,801 Medicare beneficiaries, compromising personal information collected for Medicare claims management and supporting CMS healthcare provider audits. The data may include PII of both Medicare beneficiaries and non-beneficiaries. The breach was detected between May 27 and 31, 2023, with CMS being notified on July 8. Affected individuals are being contacted via mail.

Description: CMS and WPS are notifying individuals of a security incident that resulted from a vulnerability in MOVEit software, leading to potential unauthorized access to personal information. This incident has potentially compromised PII of Medicare beneficiaries, impacting Medicare claims management and healthcare provider CMS audits. Approximately 946,801 people with Medicare are being affected with notifications being dispatched.