Nearly one million Medicare beneficiaries recently learned that their personal information may have been compromised in a data breach last year. This incident comes on the heels of another and highlights the ongoing challenges in protecting sensitive healthcare data and the importance of staying vigilant about your personal information.
RECEIVE SECURITY ALERTS AND EXPERT TIPS: SUBSCRIBE TO KURT’S NEWSLETTER: THE CYBERGUY REPORT HERE
A total of 946,801 Medicare beneficiaries may have had their personal data exposed due to a security vulnerability. (Kurt “CyberGuy” Knutsson)
The Gap: What Happened?
The Centers for Medicare and Medicaid Services (CMS) is notifying 946,801 Medicare beneficiaries that your personal data may have been exposed due to a security vulnerability in the MOVEit file transfer software used by Wisconsin Physicians Service Insurance Corp., a CMS contractor.
On July 8, 2024, Wisconsin Physicians Service (WPS) Insurance Corp. reported to CMS a cybersecurity incident involving MOVEit, a file transfer software. This incident compromised files containing protected health information, including Medicare claims data and other personally identifiable information.
The vulnerability in MOVEit software allowed unauthorized access to personal information between May 27 and May 31, 2023. Progress Software, the developer of MOVEit, discovered and publicly disclosed this vulnerability on May 31, 2023, and quickly released a software patch to address the issue.
WPS applied the patch immediately and conducted an initial investigation, which did not reveal any evidence of unauthorized file access at the time. However, in May 2024, new information prompted WPS to conduct a more thorough review with the assistance of a third-party cybersecurity firm. This review confirmed that while the vulnerability was successfully patched in early June 2023, an unauthorized third party had copied files from WPS’s MOVEit system before the patch was applied.
In coordination with law enforcement, WPS assessed the affected files. Initially, the portion examined did not contain personal information. However, on July 8, 2024, WPS discovered that some files in a different portion did contain personal information, leading to immediate notification to CMS.
At this time, CMS and WPS are not aware of any reports of identity fraud or misuse of personal information as a direct result of this incident. However, they are taking proactive steps to notify potentially affected individuals and provide them with resources to help protect their personal information.
It is important to note that this incident does not affect current Medicare benefits or coverage.
The data breach does not affect Medicare benefits or coverage. (Kurt “CyberGuy” Knutsson)
What information was exposed?
Potentially compromised data includes:
- Names
- Directions
- Dates of birth
- Social Security Numbers
- Medicare Beneficiary Identifiers (MBI)
- Hospital account numbers
- Dates of services
Measures being taken by the CMS
The Centers for Medicare & Medicaid Services and Wisconsin Physicians Service Insurance Corp. are taking comprehensive steps to address the data breach and protect affected beneficiaries. They have initiated a process of mailing written notifications to all individuals whose information may have been compromised. These notifications provide detailed information about the breach and offer guidance on protective measures.
In addition to notifications, CMS and its contractor are offering affected beneficiaries free credit monitoring services for a period of 12 months. This service will help individuals monitor their credit reports for any suspicious activity that may indicate identity theft or fraud.
Additionally, CMS is taking the proactive step of issuing new Medicare cards to beneficiaries whose Medicare Beneficiary Identifiers (MBIs) were potentially exposed in the breach. These new cards will contain updated MBIs, effectively invalidating the compromised numbers and adding an additional layer of security to beneficiaries’ accounts.
To ensure transparency and provide clear guidance, WPS has prepared a comprehensive letter that is being sent to all potentially affected individuals. This letter describes the nature of the breach, the specific information that may have been compromised, and details instructions on how to use the protective services offered. It also includes contact information for further assistance and answers to frequently asked questions, helping beneficiaries navigate this difficult situation with as much support as possible.
We reached out to CMS for comment on this article and a representative provided this statement: “We take the privacy and security of your Medicare information very seriously. CMS and WPS apologize for any inconvenience this incident may have caused you.”
A person holding the hand of an elderly person. (Kurt “CyberGuy” Knutsson)
HACKED, SCAMMED, EXPOSED: WHY YOU’RE ONE STEP AWAY FROM ONLINE DISASTER
What you should do
If you are a Medicare beneficiary, here are some steps you can take to protect yourself:
1) Stay tuned for official communication:CMS will send letters to affected individuals. Be wary of unsolicited calls or emails claiming to be from Medicare.
2) Monitor your credit: Take advantage of free credit monitoring services offered if you receive a notification letter.
3) Review your Medicare summary notices: Check for unknown charges or services.
4) Be alert for scams: Be wary of anyone who contacts you asking for a new Medicare card. It is likely a scam.
5) Contact Medicare directly: If you are concerned, call 1-800-MEDICARE to ask if your account was involved in a data breach.
6) Report suspicious activity: IIf you suspect fraud, contact your state’s Senior Medicare Patrol for guidance.
7) Be careful with digital communications: Don’t click on any links or download attachments in unsolicited emails, text messages, or social media messages that claim to be from Medicare or related to the data breach. These could be phishing attempts to gather more personal information. The best way to protect yourself from clicking on malicious links is to have antivirus protection installed on all of your devices. This can also alert you to any phishing emails or ransomware scams. Get my picks for the best antivirus protection winners of 2024 for your Windows, Mac, Android, and iOS devices.
8) Use an identity theft protection service: Identity theft companies can monitor personal information like your Social Security number, phone number, and email address and alert you if it’s being sold on the dark web or used to open an account. They can also help you freeze your bank and credit card accounts to prevent unauthorized use by criminals. Check out my tips and best picks on how to protect yourself from identity theft..
9) Consider using a data deletion service: Since Medicare beneficiaries’ information can be exposed online due to data breaches, consider using a reputable data removal service. These services can help reduce your digital footprint by removing your personal information from various online databases and people search websites. This can make it harder for scammers to find and misuse your information. However, be careful when selecting such a service and make sure it is legitimate, as some scammers may pose as data removal services to gather more personal information. Check out my top picks for data removal services here.
How to protect your Medicare information
To protect your Medicare data in the future, never share your Medicare number with unsolicited callers or emailers. Be careful about giving out personal information over the phone or online. Regularly review your Medicare statements for any unusual activity. Keep your Medicare card in a safe place, just like you would a credit card.
Pharmaceutical giant’s data leak exposes sensitive patient information
Kurt’s key takeaways
While data breaches are unfortunately becoming more common, staying informed and taking proactive steps can help mitigate potential risks. Remember, Medicare will never call you unsolicited to ask for personal information or to issue a new card. If you are ever in doubt, hang up and call Medicare directly using the official number on your card or the Medicare website. By staying alert and following these guidelines, you can help protect your personal and healthcare information from potential misuse.
Given the increasing frequency and scale of data breaches in the healthcare sector, what additional measures do you think Medicare and its affiliated organizations should implement to better protect beneficiaries’ personal information and prevent future security incidents? Let us know by writing to us at Cyberguy.com/Contact.
For more tech tips and security alerts, subscribe to my free CyberGuy Report newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or tell us what stories you’d like us to cover..
Follow Kurt on his social channels:
Answers to CyberGuy’s most frequently asked questions:
Kurt’s News:
Copyright 2024 CyberGuy.com. All rights reserved.
