Nearly one million Medicare beneficiaries recently learned that their personal information may have been exposed in a data breach last year. The incident comes on the heels of other incidents, highlighting the ongoing challenges in protecting sensitive health data and the importance of remaining vigilant about personal information.
For security alerts and expert tips, sign up for KURT's newsletter, The Cyberguy Report, here.
The security vulnerabilities may have exposed the personal data of a total of 946,801 Medicare beneficiaries. (Kurt “Cyberguy” Knutson)
Violation: What happened?
The Centers for Medicare and Medicaid Services (CMS) 946,801 Medicare Beneficiaries A security vulnerability in MOVEit file transfer software used by Wisconsin Physicians Service Insurance Corp., a CMS contractor, may have led to the personal data being exposed.
On July 8, 2024, Wisconsin Physicians Service (WPS) Insurance Corp. notified CMS of a cybersecurity incident involving the file transfer software MOVEit, which compromised files containing protected health information, including Medicare claims data and other personally identifiable information.
A vulnerability in MOVEit software allowed unauthorized access to personal information between May 27th and May 31st, 2023. Progress Software, the developer of MOVEit, discovered and disclosed the vulnerability on May 31st, 2023, and promptly released a software patch to address the issue.
WPS quickly applied the patch and conducted an initial investigation, which did not find any evidence of unauthorized file access at the time. However, after receiving new information in May 2024, WPS engaged a third-party cybersecurity firm to conduct a more thorough investigation. This investigation confirmed that although the vulnerability was successfully fixed in early June 2023, an unauthorized third party had copied files from WPS's MOVEit system before the patch was applied.
WPS worked with law enforcement to evaluate the affected files. Initially, the portions examined did not contain any personal information. However, on July 8, 2024, WPS discovered that some files in other portions contained personal information and immediately notified CMS.
At this time, CMS and WPS are not aware of any reports of misuse of personal information or identity theft as a direct result of this incident, however, both companies are taking proactive steps to notify potentially affected individuals and provide resources to help protect their personal information.
It is important to note that this case does not affect your current Medicare benefits or coverage.
The data breach will not affect Medicare benefits or coverage. (Kurt “Cyberguy” Knutson)
What information was leaked?
Compromised data may include:
- name
- address
- date of birth
- social security number
- Medicare Beneficiary Identifier (MBI)
- Hospital Account Number
- Service Dates
What steps is CMS taking?
The Centers for Medicare & Medicaid Services and the Wisconsin Physician Services Insurance Corporation have taken comprehensive steps to address the data breach and protect affected beneficiaries. Both centers have begun the process of mailing written notices to all individuals whose information may have been compromised. These notices will provide detailed information about the breach and guidance on protective steps.
In addition to the notifications, CMS and its contractors are offering affected beneficiaries free credit monitoring services for 12 months, which help individuals monitor their credit reports for suspicious activity that may indicate identity theft or fraud.
Additionally, CMS has taken the proactive step of issuing new Medicare cards to beneficiaries whose Medicare Beneficiary Identifiers (MBIs) may have been compromised as a result of the breach. These new cards contain updated MBIs, effectively invalidating the compromised numbers and adding an extra layer of security to beneficiaries' accounts.
To ensure transparency and provide clear guidance, WPS has prepared a comprehensive letter that will be sent to all potentially affected individuals. The letter explains the nature of the breach, the specific information that may have been compromised, and detailed instructions on how to access the protection services that are being offered. It also includes contact information for further assistance and answers to frequently asked questions to help beneficiaries receive as much support as possible to get through this difficult situation.
We reached out to CMS for comment on this article, and a representative provided the following statement: “We take the privacy and security of your Medicare information very seriously. CMS and WPS apologize for any inconvenience caused by this matter.”
Person holding the hand of an elderly person (Kurt “Cyberguy” Knutson)
Hacks, scams and exposure: why we're one step closer to catastrophe online
What you should do
If you are a Medicare recipient, you can take these steps to protect yourself:
1) Be careful with official communications: CMS will send letters to affected individuals. Be wary of unsolicited calls and emails claiming to be from Medicare.
2) Monitor your credit: If you receive a notice, you can take advantage of our free credit monitoring service.
3) Review your Medicare summary notice. Check to see if there are any charges or services you don't recognize.
4) Beware of scams: Be wary of anyone contacting you saying you need a new Medicare card, as this is most likely a scam.
5) Contact Medicare directly: If you're concerned, call 1-800-MEDICARE to find out if your account was involved in a data breach.
6) Report suspicious activity:If you suspect fraud, contact your state's Senior Medicare Patrol for guidance.
7) Be careful with your digital communications: Don't click links or download attachments in unsolicited emails, texts, or social media messages that pretend to be from Medicare or related to a data breach. These may be phishing scams trying to collect more personal information. The best way to protect yourself from clicking on malicious links is to install antivirus protection on all your devices, which will also alert you to phishing emails and ransomware scams. We've handpicked the winners of the best antivirus protection of 2024 for Windows, Mac, Android and iOS devices.
8) Use identity theft protection services: Identity theft companies monitor personal information like social security numbers, phone numbers, and email addresses to alert you if it's being sold on the dark web or used to open accounts, and they can also help freeze bank and credit card accounts to prevent further fraud by criminals. Check out these tips and best choices for protecting yourself against identity theft.
9) Consider using a data deletion service. Because your Medicare beneficiary information may be exposed online in a data breach, consider using a reputable data removal service. These services can help reduce your digital footprint by removing your personal information from various online databases and people search websites. This makes it harder for scammers to find and exploit your information. However, be careful when choosing such a service and make sure it is legitimate, as some scammers may collect more personal information by posing as a data removal service. Check out my recommended data deletion services here.
Protecting Medicare Information
To protect your Medicare data in the future, never give your Medicare number to unsolicited callers or emailers. Be careful when giving out personal information over the phone or online. Regularly check your Medicare statements for any unusual activity. Store your Medicare card in a safe place, just like you would a credit card.
Confidential patient information exposed in data breach at major pharmaceutical company
Important points about the cart
Unfortunately, data breaches are becoming more common, but by staying informed and taking proactive measures, you can mitigate potential risks. Medicare will never call you unsolicited to ask for personal information or issue you a new card. If in doubt, hang up and call Medicare directly at the official number listed on your card or through the Medicare website. By staying vigilant and following these guidelines, you can help protect your personal and medical information from potential misuse.
Given the increasing frequency and scale of data breaches in the healthcare sector, what additional measures do you think Medicare and its affiliates should take to better protect beneficiaries' personal information and prevent future security incidents? Cyberguy.com/Contact Us.
If you want to receive more of my tech tips and security alerts, subscribe to the free CyberGuy Report newsletter at the link below. Cyberguy.com/Newsletter.
Have a question for Kurt or tell us the story you'd like to see featured?.
Follow Kurt on his social channels:
Answers to the CyberGuy's most frequently asked questions:
New Arrivals from Cart:
Copyright 2024 CyberGuy.com. All Rights Reserved.
