Authored by Jack Phillips via The Epoch Times (emphasis ours),
The federal agency that manages Medicare warned that a subcontractor suffered a data breach that might involve “beneficiaries’ personally identifiable information” or “protected health information.”
In a statement issued on Wednesday, the Centers for Medicare & Medicaid Services (CMS) announced that a federal subcontractor, Healthcare Management Solutions, suffered the breach. No CMS systems were impacted and no data around Medicare claims were involved.
Information sourced by CMS suggests that Healthcare Management Solutions “acted in violation of its obligations to CMS and that the incident involving” the company could impact as many as 254,000 Medicare “beneficiaries’ personally identifiable information out of the over 64 million beneficiaries that CMS serves,” according to a news release.
The 254,000 impacted individuals represent 0.4 percent of Medicare’s approximately 64 million beneficiaries.
“The safeguarding and security of beneficiary information is of the utmost importance to this Agency,” CMS Administrator Chiquita Brooks-LaSure said in a statement. “We continue to assess the impact of the breach involving the subcontractor, facilitate support to individuals potentially affected by the incident, and will take all necessary actions needed to safeguard the information entrusted to CMS.”
Data that may have been breached include recipients’ names, addresses, Social Security numbers, phone numbers, Medicare beneficiary number, banking information such as account and routing numbers, and Medicare enrollment and premium information, according to CMS.
“At this time,” CMS added, “we’re not aware of any reports of identity fraud or improper use of your information as a direct result of this incident.”
“However, out of an abundance of caution we are issuing you a new Medicare card with a new number,” the agency said. “CMS will mail the new card to your address in the coming weeks. In the meantime, you can continue to use your existing Medicare card.”
Once the new card is sent, the agency recommends that Medicare recipients follow instructions on the new card, destroy the old Medicare card, and inform providers of a new Medicare number.
“When the incident was reported, we immediately started an investigation, working with the contractor and cybersecurity experts to identify what personal information, if any, might have been compromised. CMS is continuing to investigate this incident and will continue to take all appropriate actions to safeguard the information entrusted to CMS,” it said.
In October, Healthcare Management Solutions reported that it was targeted by a ransomware attack on its corporate systems, according to the CMS News release.
“On October 9, 2022, CMS was notified that the subcontractor’s systems had been subject to a cybersecurity incident but CMS systems were not involved,” the agency said. “As more information became available, on October 18, 2022, CMS determined with high confidence that the incident potentially included personally identifiable information and protected health information for some Medicare enrollees. Since then, CMS has been working diligently with the contractor to determine what information and which individuals may have been impacted.”
Free credit-monitoring services are also being offered to the impacted Medicare recipients, CMS said. Letters that are being sent out to impacted people include steps on how to sign up.
During the first half of this year, some 53 million people in the United States were impacted by data breaches, according to data website Statista. Many of those beaches involved manufacturing, financial services, and healthcare, it found.
Read more here...