Over 100k Medicare Accounts Breached in Latest Hack: Was Yours One?
Letters are going out to 103,000 Medicare beneficiaries who may have been impacted. Here's how to protect your identity and benefits.
You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Delivered daily
Kiplinger Today
Profit and prosper with the best of Kiplinger's advice on investing, taxes, retirement, personal finance and much more delivered daily. Smart money moves start here.
Sent five days a week
Kiplinger A Step Ahead
Get practical help to make better financial decisions in your everyday life, from spending to savings on top deals.
Delivered daily
Kiplinger Closing Bell
Get today's biggest financial and investing headlines delivered to your inbox every day the U.S. stock market is open.
Sent twice a week
Kiplinger Adviser Intel
Financial pros across the country share best practices and fresh tactics to preserve and grow your wealth.
Delivered weekly
Kiplinger Tax Tips
Trim your federal and state tax bills with practical tax-planning and tax-cutting strategies.
Sent twice a week
Kiplinger Retirement Tips
Your twice-a-week guide to planning and enjoying a financially secure and richly rewarding retirement
Sent bimonthly.
Kiplinger Adviser Angle
Insights for advisers, wealth managers and other financial professionals.
Sent twice a week
Kiplinger Investing Weekly
Your twice-a-week roundup of promising stocks, funds, companies and industries you should consider, ones you should avoid, and why.
Sent weekly for six weeks
Kiplinger Invest for Retirement
Your step-by-step six-part series on how to invest for retirement, from devising a successful strategy to exactly which investments to choose.
Be on the lookout for a letter from Medicare & Medicaid Services (CMS). The government agency that provides medical insurance for more than 67 million Americans 65 and older is notifying Medicare beneficiaries that they may have been part of a data breach in which fake accounts were created in their names.
In a press release issued Monday, CMS said it had identified suspicious activity related to the unauthorized creation of certain beneficiary online accounts using personal information obtained from unknown external sources.
CMS reported that roughly 103,000 beneficiaries might have been affected by the recent data breach. The agency is currently mailing notifications to the individuals, informing them of the incident and outlining steps they can take to protect their personal information.
From just $107.88 $24.99 for Kiplinger Personal Finance
Become a smarter, better informed investor. Subscribe from just $107.88 $24.99, plus get up to 4 Special Issues
Sign up for Kiplinger’s Free Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.
Profit and prosper with the best of expert advice - straight to your e-mail.
How the Medicare breach happened
On May 2, 2025, CMS’s 1-800-MEDICARE call center began receiving inquiries from beneficiaries regarding letters they received confirming Medicare.gov accounts had been created in their names, the agency said. However, the beneficiaries hadn't created the accounts.
CMS launched an investigation and found malicious actors had fraudulently created new accounts between 2023 and 2025 using valid beneficiary information, including Medicare Beneficiary Identifiers (MBI), coverage start date, last name, date of birth, and zip code.
Once these unauthorized accounts were established, bad actors may have accessed additional beneficiary data, including the following:
-Provider information
-Mailing address
-Dates of service
-Diagnosis codes
-Services received
-Plan premium details
What CMS is doing
CMS said it is not aware of any reports of identity fraud or misuse of the information due to this fraudulent activity, but said out of an abundance of caution, it is taking steps to safeguard beneficiaries' information, including:
-Deactivating all fraudulently created Medicare.gov accounts
-Disabling the ability to create new Medicare.gov accounts from foreign IP addresses to prevent further exploitation
-Continuing to monitor claims data for any suspicious activity and replacing MBIs for affected individuals
-Mailing new Medicare cards with new MBIs to beneficiaries as needed
What you can do
If you receive a letter in the mail from CMS, review your Medicare Summary Notices and Explanation of Benefits and see if you spot any unfamiliar charges or services. Report any suspicious activity to 1-800-MEDICARE (1-800-633-4227) or the Office of Inspector General at oig.hhs.gov/fraud/report-fraud/. It's also important to obtain a free annual credit report through www.annualcreditreport.com or by calling 1-877-322-8228.
If you are a victim of identity theft or fraud, file reports with local law enforcement and/or the Federal Trade Commission by phone at 1-877-IDTHEFT (1-877-438-4338) or online at www.ftc.gov/idtheft if any identity theft concerns arise.
Why hackers go after Medicare
Medicare is a prime target for hackers because of the information they can steal to use for identity theft and financial gain. With stolen Medicare information, bad actors can file fake claims for health care services, medicine and supplies, which cost the government and individuals money.
Medicare information includes a lot of personal identifying data such as names, addresses, birthdates and Social Security numbers. Hackers can use this information to steal a person’s identity, open credit cards in their name, hack into their bank accounts, or take other actions for financial gain. They can even use Medicare information to commit insurance fraud.
The best way to protect your Medicare number is to treat it like a credit card and be careful with whom you share it. Make sure to regularly review your statements, and if you spot any suspicious activity, report it immediately.
Related content
-
Dow Adds 1,206 Points to Top 50,000: Stock Market TodayThe S&P 500 and Nasdaq also had strong finishes to a volatile week, with beaten-down tech stocks outperforming.
-
Ask the Tax Editor: Federal Income Tax DeductionsAsk the Editor In this week's Ask the Editor Q&A, Joy Taylor answers questions on federal income tax deductions
-
States With No-Fault Car Insurance Laws (and How No-Fault Car Insurance Works)A breakdown of the confusing rules around no-fault car insurance in every state where it exists.
-
Why Picking a Retirement Age Feels Impossible (and How to Finally Decide)Struggling with picking a date? Experts explain how to get out of your head and retire on your own terms.
-
For the 2% Club, the Guardrails Approach and the 4% Rule Do Not Work: Here's What Works InsteadFor retirees with a pension, traditional withdrawal rules could be too restrictive. You need a tailored income plan that is much more flexible and realistic.
-
Retiring Next Year? Now Is the Time to Start Designing What Your Retirement Will Look LikeThis is when you should be shifting your focus from growing your portfolio to designing an income and tax strategy that aligns your resources with your purpose.
-
I'm a Financial Planner: This Layered Approach for Your Retirement Money Can Help Lower Your StressTo be confident about retirement, consider building a safety net by dividing assets into distinct layers and establishing a regular review process. Here's how.
-
Your Adult Kids Are Doing Fine. Is It Time To Spend Some of Their Inheritance?If your kids are successful, do they need an inheritance? Ask yourself these four questions before passing down another dollar.
-
The 4 Estate Planning Documents Every High-Net-Worth Family Needs (Not Just a Will)The key to successful estate planning for HNW families isn't just drafting these four documents, but ensuring they're current and immediately accessible.
-
Love and Legacy: What Couples Rarely Talk About (But Should)Couples who talk openly about finances, including estate planning, are more likely to head into retirement joyfully. How can you get the conversation going?
-
We're 62 With $1.4 Million. I Want to Sell Our Beach House to Retire Now, But My Wife Wants to Keep It and Work Until 70.I want to sell the $610K vacation home and retire now, but my wife envisions a beach retirement in 8 years. We asked financial advisers to weigh in.
