Data Breach Compromises Personal Information of Over 600K Medicare Recipients

Kamso Oguejiofor-Abugu Kamso Oguejiofor-Abugu Writer

The personal information of approximately 612,000 Medicare beneficiaries has been exposed in a recent data breach, along with millions of other health care consumers. The breach was traced back to a vulnerability in Progress Software’s MOVEit Transfer software, which was part of the corporate network of Maximus Federal Services, a contractor working with the Medicare program. The breach occurred in May and came to light when the Centers for Medicare & Medicaid Services (CMS) made an official statement on July 28.

According to CMS, the compromised data includes sensitive information such as names, phone numbers, email addresses, mailing addresses, Social Security numbers, fax number, healthcare provider and prescription details, and health insurance claims. While the breach affected a significant number of individuals, the agency clarified that no CMS or Department of Health and Human Services systems were impacted.

“Maximus is among the many organizations in the United States that have been impacted by the MOVEit vulnerability,” CMS said in a press release. “This week, CMS and Maximus are sending letters to individuals who may have been impacted notifying them of the breach, and explaining actions being taken in response.”

Maximus Federal Services promptly responded to the incident, stating that it is committed to data privacy and security. The company is investigating the vulnerability in the MOVEit software and ensuring constant monitoring of its systems for any suspicious activity.

“To be clear, we have not identified any impact from the MOVEit vulnerability on other parts of our corporate network and remain confident in the integrity of the network,” Maximus said. It’s worth noting that Maximus and other companies regularly employ MOVEit and similar services for transmitting and storing sensitive information, making them potential targets for cybercriminals.

CMS and Maximus are offering two years of free credit monitoring services to the affected Medicare beneficiaries. Additionally, recipients are being informed about the process to obtain a new Medicare Beneficiary Identifier number, if applicable.

About the Author

About the Author

Kamso Oguejiofor is a former Content Writer at SafetyDetectives. He has over 2 years of experience writing and editing topics about cybersecurity, network security, fintech, and information security. He has also worked as a freelance writer for tech, health, beauty, fitness, and gaming publications, and he has experience in SEO writing, product descriptions/reviews, and news stories. When he’s not studying or writing, he likes to play basketball, work out, and binge watch anime and drama series.