Skip to main content

CMS Data Breach Exposes Personal Data of 3.1 Million People

The US Centers for Medicare & Medicaid Services (CMS) has confirmed that personal and health information of more than 3.1 million individuals was compromised following a cyberattack on Wisconsin Physicians Service (WPS), a contractor providing Medicare administrative services. The breach, tied to the MOVEit vulnerability, came to light in July 2024 during an internal review.

The incident occurred when hackers exploited a vulnerability in MOVEit Transfer software used by WPS, allowing them to access and steal sensitive data. The breach occurred despite security patches applied in 2023, with a later investigation revealing that the hackers had already infiltrated WPS systems prior to the updates.

CMS, a federal agency within the Department of Health and Human Services (HHS), has begun notifying affected individuals, offering them 12 months of free credit monitoring through Experian to mitigate potential identity theft risks. The attack primarily impacted those using Medicare, though data on some non-Medicare beneficiaries and deceased individuals were also compromised.

CMS confirmed that the information stolen may contain the following:

  • Name
  • Social Security Number or Individual Taxpayer Identification Number
  • Date of Birth
  • Mailing Address
  • Gender
  • Hospital Account Number
  • Dates of Service
  • Medicare Beneficiary Identifier (MBI) and/or Health Insurance Claim Number

In a September 6th press release, CMS announced that both the agency and WPS were alerting 946,801 Medicare recipients regarding the exposure of their personal information. That same day, the agency reported on the HHS’ breach portal that 3,112,815 individuals' data had been compromised.

A CMS spokesperson clarified to BleepingComputer that the discrepancy in numbers was due to the inclusion of individuals who were either deceased or not Medicare beneficiaries, but whose data had been gathered by WPS during their work for CMS.

The hacking group Cl0p, responsible for the MOVEit attacks, has publicly claimed that they would delete data associated with healthcare and government organizations. However, CMS and cybersecurity experts warn that there is no guarantee that the stolen information hasn’t been sold or circulated on the dark web.

As detailed in our original report, the MOVEit attack affected numerous organizations across various sectors, so there might still be similar revelations that have not yet come to light. In related news, Confidant Health, a telehealth provider, recently experienced a data breach exposing sensitive patient information, adding to the growing list of healthcare-related cyber incidents.



See TessMore Internet Business Must-Reads
Labels:

Comments

Post a Comment

Popular posts from this blog

13 Best Cheap Web Hosting Services of 2022 (Ranked)

  Let’s face it: there are a ton of different   web hosting options   on the market with great features. A lot of the time, it comes down to price.  I ranked and reviewed the best cheap web hosting options to try this year.  These reviews are based on pricing, hosting features, integrations, security, speed, and more. Let’s get started. Disclaimer:  This article contains affiliate links that I receive a small commission for at no cost to you. However, these are merely the tools I fully recommend when it comes to hosting a website. You can read my full affiliate disclosure in my  privacy policy . What is the Best Cheap Web Hosting? Here are my top picks for the best cheap web hosting: 1.  Bluehost . Bluehost  is a web hosting company that hosts over 2 million domains collectively. Their initial plan starts at $2.95 per month, and you get a 30-days money-back guarantee with all the plans. Recommended web host by WordPress.org for more than a decade now, it also offers features like: A fr
Post a Comment
Read more

How to Safely Change Your WordPress Theme (Beginner’s Guide)

Learning how to change your WordPress theme seems like a very basic thing. Simply go to Appearance > Themes , hover over any of the available WordPress themes, and click Activate , right? While that is correct in principle and works well for a site that is basically empty, it gets a bit more complicated for an established website with a lot of content. In that case, it becomes more of a case of how to change your WordPress theme safely and without losing anything. And that’s exactly what will talk about here. In the following, you will learn what risks there are to changing your WordPress theme. We will talk about how to prepare for the switch, different ways of performing it, and how to check your site after you are done. Changing Your WordPress Theme: Potential Risks Before going over the how-to part, let’s first discuss why you need to be cautious when changing your WordPress theme and what things can break. First of all, you can generally relax. WordPress is built in a way
Post a Comment
Read more

Five Common iPage Email Problems and Solutions

If you’re paying for some of the popular services offered by iPage – cheap web hosting , domain names , and dedicated servers  – you’re likely using iPage email as well.  iPage is well known for its affordable pricing and user-friendly solutions. However, its services have not always been 100% reliable.  Such is the case with iPage email, which often stops working. If your email is acting up, several possible reasons exist. Read on to find out why you can’t access your iPage webmail and what you can do about it. Reasons why iPage email isn’t working  If your iPage email is not working, that’s usually because you’ve typed in the wrong password or account name or your internet connection is not strong enough. Other suspects are a blocked IP address, a poorly set up email account, and an overloaded queue.  Your IP is blocked  When you enter a wrong password 6 times in a row in under 5 minutes, iPage blocks your IP address out of precaution. You have to wait for 3 hours to reset
Post a Comment
Read more