• Revenue Cycle Management
  • COVID-19
  • Reimbursement
  • Diabetes Awareness Month
  • Risk Management
  • Patient Retention
  • Staffing
  • Medical Economics® 100th Anniversary
  • Coding and documentation
  • Business of Endocrinology
  • Telehealth
  • Physicians Financial News
  • Cybersecurity
  • Cardiovascular Clinical Consult
  • Locum Tenens, brought to you by LocumLife®
  • Weight Management
  • Business of Women's Health
  • Practice Efficiency
  • Finance and Wealth
  • EHRs
  • Remote Patient Monitoring
  • Sponsored Webinars
  • Medical Technology
  • Billing and collections
  • Acute Pain Management
  • Exclusive Content
  • Value-based Care
  • Business of Pediatrics
  • Concierge Medicine 2.0 by Castle Connolly Private Health Partners
  • Practice Growth
  • Concierge Medicine
  • Business of Cardiology
  • Implementing the Topcon Ocular Telehealth Platform
  • Malpractice
  • Influenza
  • Sexual Health
  • Chronic Conditions
  • Technology
  • Legal and Policy
  • Money
  • Opinion
  • Vaccines
  • Practice Management
  • Patient Relations
  • Careers

CMS announces data breach affected about 612,000 beneficiaries


Hack involved information transfer software used by contractor.

cms computer image: © Timon - stock.adobe.com

© Timon - stock.adobe.com

A May data breach at a contractor may have affected about 612,000 Medicare beneficiaries.

The U.S. Department of Health and Human Services (HHS) and the U.S. Centers for Medicare & Medicaid Services (CMS) announced the hack did not affect their computer systems. But beneficiaries whose personally identifiable information (PII) or protected health information (PHI) will get free credit monitoring for two years.

The data breach involved the MOVEit computer application, developed by Progress Software Corp. to transfer data.

Contractor Maximus Federal Services Inc. was using the app when on May 30, 2023, the company “detected unusual activity” in the program. Maximus stopped using it the next day as Progress Software Corp. “announced that a vulnerability in its MOVEit software had allowed an unauthorized party to gain access to files across many organizations in both the government and private sectors,” said a notification letter sent to Medicare beneficiaries. CMS published the letter online.

On June 2, Maximus notified CMS of the incident and has since applied software security pateches. It appeared hackers obtained copies of files that were saved in the Maximus MOVEit program. Information may include:

  • Name
  • Social Security number or individual taxpayer identification number
  • Date of birth
  • Mailing address
  • Telephone number, fax number, and email address
  • Medicare beneficiary identifier (MBI) or health insurance claim number (HICN)
  • Driver’s license number and state identification number
  • Medical history or notes, including medical record/account numbers, conditions, diagnoses, dates of service, images, and treatments
  • Healthcare provider and prescription information
  • Health insurance claims and policy or subscriber information
  • Health benefits and enrollment information

Maximus is offering free two-year subscriptions to credit monitoring service Experian. CMS advised beneficiaries to obtain credit reports by calling 1-877-322-8228 or through annualcreditreport.com.

Beneficiaries may continue using their existing Medicare cards until new ones arrive by mail. Beneficiaries should destroy their old cards and inform providers of their new Medicare numbers.

Related Videos
© National Institute for Occupational Safety and Health
© National Institute for Occupational Safety and Health
© National Institute for Occupational Safety and Health
© National Institute for Occupational Safety and Health
© National Institute for Occupational Safety and Health