Personal finance

Up to 254,000 Medicare beneficiaries are getting new ID cards due to data breach at subcontractor. What they need to know

Products You May Like

miodrag ignjatovic | E+ | Getty Images

Up to 254,000 Medicare beneficiaries’ personal information may have been compromised in an online ransomware attack at a government subcontractor, officials warned this week.

Letters are being sent to the beneficiaries who were impacted by the potential data breach, said the Centers for Medicare & Medicaid Services. Those affected — who represent less than 0.4% of Medicare’s 64.5 million beneficiaries — will also receive a replacement Medicare card with a new identification number in the next few weeks.

“The safeguarding and security of beneficiary information is of the utmost importance to this agency,” CMS Administrator Chiquita Brooks-LaSure said in the announcement.

More from Personal Finance:
Used car prices are down 3.3% from a year ago
63% of Americans living paycheck to paycheck
How health insurance is helping cool inflation

“We continue to assess the impact of the breach involving the subcontractor, facilitate support to individuals potentially affected by the incident, and will take all necessary actions needed to safeguard the information entrusted to CMS,” Brooks-LaSure said.

The personal information that could have been compromised include name, address, date of birth, phone number, Social Security number, Medicare beneficiary identifier, banking information (including routing and account numbers) and Medicare entitlement, enrollment and premium information.

Free credit-monitoring also is being offered to the impacted individuals; the letters being sent include information on how to sign up for the service.

No CMS systems were breached, and no Medicare claims data were involved, according to the announcement. The agency also is not aware of any reports of identity fraud or improper use of the personal information as a direct result of the incident.

The subcontractor, Healthcare Management Solutions, experienced the ransomware attack on its corporate network on Oct. 8, according to CMS. The company handles the agency data as part of processing Medicare eligibility and entitlement records, as well as premium payments.

CMS was alerted the day after the attack, and on Oct. 18, officials “determined with high confidence that the incident potentially included personally identifiable information and protected health information for some Medicare enrollees,” according to the CMS release. 

Healthcare Management Solutions did not immediately respond to a CNBC inquiry.

In the first half of 2022, more than 53 million individuals in the U.S. were affected by data compromises, according to Statista. In 2021, the three most affected industries were healthcare, financial services and manufacturing.

Products You May Like

Articles You May Like

Capri and Tapestry abandon plans to merge, citing regulatory hurdles
Caligan picks up a stake in Verona Pharma, seeing an opportunity to generate more value
Home Depot’s sales are improving, but it says consumers are still cautious about spending
Investors should stay with their long-term financial plans no matter who is in the White House, advisors say
Toyota says California-led EV mandates are ‘impossible’ as states fall short of goal