Data Breach Exposes Personal Information of 612K Medicare Recipients

• Copy link
• Facebook
• X

Share this article

Print

Join the conversation

Follow us

Add us as a preferred source on Google

Newsletter

Get the Kiplinger Newsletter

Profit and prosper with the best of Kiplinger's advice on investing, taxes, retirement, personal finance and much more. Delivered daily. Enter your email in the box and click Sign Me Up.

Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

---

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

You are now subscribed

Your newsletter sign-up was successful

---

Want to add more newsletters?

Delivered daily

Kiplinger Today

Profit and prosper with the best of Kiplinger's advice on investing, taxes, retirement, personal finance and much more delivered daily. Smart money moves start here.

Signup +

Sent five days a week

Kiplinger A Step Ahead

Get practical help to make better financial decisions in your everyday life, from spending to savings on top deals.

Signup +

Delivered daily

Kiplinger Closing Bell

Get today's biggest financial and investing headlines delivered to your inbox every day the U.S. stock market is open.

Signup +

Sent twice a week

Kiplinger Adviser Intel

Financial pros across the country share best practices and fresh tactics to preserve and grow your wealth.

Signup +

Delivered weekly

Kiplinger Tax Tips

Trim your federal and state tax bills with practical tax-planning and tax-cutting strategies.

Signup +

Sent twice a week

Kiplinger Retirement Tips

Your twice-a-week guide to planning and enjoying a financially secure and richly rewarding retirement

Signup +

Sent bimonthly.

Kiplinger Adviser Angle

Insights for advisers, wealth managers and other financial professionals.

Signup +

Sent twice a week

Kiplinger Investing Weekly

Your twice-a-week roundup of promising stocks, funds, companies and industries you should consider, ones you should avoid, and why.

Signup +

Sent weekly for six weeks

Kiplinger Invest for Retirement

Your step-by-step six-part series on how to invest for retirement, from devising a successful strategy to exactly which investments to choose.

Signup +

---

An account already exists for this email address, please log in.

Subscribe to our newsletter

A data breach at a data file sharing service has exposed the personal information of 612,000 Medicare recipients and millions of other health care consumers.

The breach occurred in Progress Software’s MOVEit Transfer software on the corporate network of Maximus Federal Services, one of the Medicare program’s contractors, the Center for Medicare & Medicaid Services (CMS) said in a statement.

Maximus said that up to 11 million people were affected by the breach.

From just $107.88 $24.99 for Kiplinger Personal Finance

Become a smarter, better informed investor. Subscribe from just $107.88 $24.99, plus get up to 4 Special Issues

CLICK FOR FREE ISSUE

Sign up for Kiplinger’s Free Newsletters

Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.

Profit and prosper with the best of expert advice - straight to your e-mail.

Sign up

The breach, which occurred in May and was announced by CMS on July 28, involved the personally identifiable information (PII) and protected health information (PHI) of Medicare beneficiaries and/or protected health information.

Specific information that may have been compromised includes names, phone numbers, email addresses, Social Security numbers, healthcare provider and prescription information as well as health insurance claims, CMS said. No CMS or Department of Health and Human Services systems were impacted, the agency added.

CMS and Maximus are sending letters to Medicare beneficiaries who may be impacted by the incident and both are offering free credit monitoring services for two years.

“Data privacy and security are among our top priorities, and we are committed to protecting the data entrusted to us,” Maximus told Kiplinger in a statement. The company said that Maximus and many other companies use MOVEit, and that it is investigating the issue and closely monitoring its systems for any unusual activity.

“To be clear, we have not identified any impact from the MOVEit vulnerability on other parts of our corporate network and remain confident in the integrity of the network,” Maximus said.

Updating security is important

Ani Chaudhuri, CEO at Dasera, a data security firm in Saratoga, California, told Kiplinger that the breach occurred due to an unknown vulnerability in the MOVEit software.

“When the creators of MOVEit announced the vulnerability on May 31, 2023, it was clear the gap allowed unauthorized actors to gain access to MOVEit servers, in this case, compromising sensitive consumer data,” Chaudhuri said.

“Companies like Maximus use [services such as MOVEit] to send, receive and store sensitive information, making them attractive targets for cybercriminals,” he said. “This incident underscores the importance of maintaining robust and updated security measures, regularly auditing software for vulnerabilities, and adopting a proactive approach to data governance.”

"Consumers affected by this breach should stay alert for any phishing attempts, such as email, text, or phone,” said Chris Hauk, who focuses on consumer privacy at Pixel Privacy, an online data protection services company. “The bad actors responsible for the breach or who purchase the information stolen in the breach may use the information they already have to cheat the users out of additional information.”

• New SEC Rules Aim to Curb Investor Costs When Companies Are Hacked
• 7 Smart Moves to Prevent Identity Theft
• Struggling LastPass Suffers New Data Breach. Is Your Account at Risk?