Over 900,000 Medicare beneficiaries are at risk of data breach.

Over 900,000 Medicare beneficiaries have recently discovered that their personal information may have been exposed in a data breach that occurred last year. This incident follows another and underscores the ongoing difficulties in safeguarding sensitive healthcare data and the need to remain cautious about protecting your personal information.

The breach: What happened?

CMS is informing 946,801 Medicare beneficiaries that their personal data may have been exposed due to a security issue with the MOVEit file transfer software used by Wisconsin Physicians Service Insurance Corp., a CMS contractor.

On July 8, 2024, WPS Insurance Corp. informed CMS that a cybersecurity incident occurred with MOVEit, a file transfer software, resulting in the compromise of files containing protected health information, including Medicare claims data and other personally identifiable information.

Between May 27 and May 31, 2023, unauthorized access to personal information occurred due to a vulnerability in the MOVEit software. Progress Software, the developer of MOVEit, discovered and publicly disclosed this vulnerability on May 31, 2023, and promptly released a software patch to address the issue.

In May 2024, new information led WPS to conduct a more comprehensive review with the help of a third-party cybersecurity firm. This review revealed that an unauthorized third party had copied files from WPS's MOVEit system before the patch was applied, despite the patch being successfully applied in early June 2023.

WPS, in collaboration with law enforcement, assessed the affected files. Initially, the examined portion did not contain personal data. However, on July 8, 2024, WPS discovered that some files in a different area contained personal information, prompting the immediate notification of CMS.

Despite not being aware of any reports of identity fraud or misuse of personal information resulting from the incident, CMS and WPS are taking proactive measures to notify potentially affected individuals and provide resources to help protect their personal information.

Medicare benefits and coverage remain unchanged despite this incident.

What information was exposed?

The compromised data potentially includes:

• Names
• Addresses
• Birth dates
• Social Security numbers
• Medicare Beneficiary Identifiers (MBIs)
• Hospital account numbers
• Dates of services

Steps being taken by CMS

The Centers for Medicare & Medicaid Services and Wisconsin Physicians Service Insurance Corp. are taking comprehensive measures to address the data breach and protect affected beneficiaries. They have initiated a process of mailing written notifications to all individuals whose information may have been compromised. These notifications provide detailed information about the breach and offer guidance on protective steps.

Complimentary credit monitoring services are being offered by CMS and its contractor to affected beneficiaries for 12 months. This service will assist individuals in monitoring their credit reports for any suspicious activity that may indicate identity theft or fraud.

Medicare is issuing new cards to beneficiaries whose MBIs were exposed in a breach. The new cards will have updated MBIs, rendering the compromised numbers invalid and adding an additional layer of security to beneficiaries' accounts.

WPS has prepared a comprehensive letter to be sent to all potentially affected individuals, detailing the nature of the breach, the specific information compromised, and instructions on how to utilize protection services. The letter also includes contact information for further assistance and answers to frequently asked questions, providing beneficiaries with the support they need to navigate this challenging situation.

CMS responded to our inquiry about this article with the statement, "We prioritize the privacy and security of your Medicare information. CMS and WPS express regret for any inconvenience this incident may have caused."

What you should do

To safeguard yourself as a Medicare beneficiary, follow these steps.

Be wary of unsolicited calls or emails claiming to be from Medicare, as CMS will only communicate officially through letters to affected individuals.

If you receive a notification letter, utilize the free credit monitoring services to keep track of your credit.

Examine your Medicare summary notices to identify any unknown charges or services.

Be cautious of individuals who reach out to you regarding the need for a new Medicare card, as it is most likely a fraudulent scheme.

If you have concerns about your Medicare account, call 1-800-MEDICARE to inquire about any data breaches.

Contact your state's Senior Medicare Patrol for guidance if you suspect fraud.

Be wary of digital communications: Avoid clicking on any links or downloading attachments in unsolicited emails, texts, or social media messages that claim to be from Medicare or related to the data breach. These could be phishing attempts to obtain more of your personal information. The best way to safeguard yourself from clicking on malicious links is to install antivirus software on all your devices. This can also alert you to any phishing emails or ransomware scams. Check out my top picks for the best 2024 antivirus protection for your Windows, Mac, Android, and iOS devices.

Protect yourself from identity theft by using a service that monitors your personal information and alerts you if it is being sold on the dark web or used to open an account. These services can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. Check out my tips and best picks for protecting yourself from identity theft.

To safeguard your Medicare beneficiary information from data breaches, consider employing a reliable data removal service. These services can assist in reducing your digital footprint by erasing your personal information from numerous online databases and people-search websites. This can make it more challenging for scammers to locate and misuse your information. However, exercise caution when choosing such a service and verify its legitimacy, as some fraudsters may pose as data removal services to obtain more of your personal information. Check out my top recommendations for data removal services here.

Protecting your Medicare information

To protect your Medicare information, avoid sharing your number with unsolicited callers or emailers, be cautious about giving personal information over the phone or online, regularly review your Medicare statements for any unusual activity, and keep your Medicare card in a safe place, like you would a credit card.

Kurt's key takeaways

To safeguard your personal and health care information from potential misuse, it's crucial to stay informed and take proactive steps. Medicare will never contact you unsolicited to request personal information or issue a new card. If you're unsure, simply hang up and contact Medicare directly using the official number on your card or the Medicare website. By remaining vigilant and adhering to these guidelines, you can minimize the risks of data breaches.

What additional measures do you believe Medicare and its associated organizations should implement to safeguard beneficiaries' personal information and prevent future security breaches in the health care sector? Please share your thoughts with us at Cyberguy.com/Contact.

To receive my tech tips and security alerts, sign up for my free CyberGuy Report Newsletter at Cyberguy.com/Newsletter.

Let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.