Massive Medicare Data Breach Exposes Nearly 1 Million Subscribers

The personal information of almost 1 million Medicare beneficiaries was compromised in a data breach that occurred between May 27 and May 31, 2023. The breach exploited a vulnerability in the MOVEit software used by Wisconsin Physicians Service Insurance Corporation (WPS), a Medicare contractor, to transfer files during the Medicare claims process.

Key Takeaways

  • Over 900,000 Medicare beneficiaries affected
  • Breach occurred due to a vulnerability in MOVEit software
  • No reports of identity fraud or improper use of information yet

How the Breach Occurred

WPS provides administrative services to the Centers for Medicare & Medicaid Services (CMS), including handling Medicare Part A/B claims. The breach involved the exploitation of a vulnerability in Progress Software’s MOVEit software, used by WPS for file transfers related to CMS services.

Starting on May 27, 2023, the CL0P Ransomware Gang, also known as TA505, began exploiting a previously unknown vulnerability in MOVEit Transfer. Internet-facing MOVEit Transfer web applications were infected with a web shell named LEMURLOOT, which was then used to steal data from underlying MOVEit Transfer databases, according to the Cybersecurity and Infrastructure Security Agency (CISA).

Information Involved

The compromised data includes:

  • Name
  • Social Security Number or Individual Taxpayer Identification Number
  • Date of Birth
  • Mailing Address
  • Gender
  • Hospital Account Number
  • Dates of Service
  • Medicare Beneficiary Identifier (MBI) and/or Health Insurance Claim Number

What Is a Medicare Beneficiary Identifier (MBI)?

The Medicare Access and CHIP Reauthorization Act (MACRA) of 2015 required the removal of Social Security numbers from Medicare cards. By April 2019, Medicare Beneficiary Identifiers (MBIs) replaced Social Security numbers on Medicare cards. An MBI looks like this: 1EG4-TE5-MK73. The second, fifth, eighth, and ninth characters are always letters, while the first, fourth, seventh, tenth, and eleventh characters are always numbers. The third and sixth characters are not fixed and may be either a letter or a number.
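For teams that handle claims data, the format above is regular enough to scan logs and outbound files for stray MBIs. The following is an added example, not code from CMS or the article: a detector and redactor built on the positions described above. It assumes two CMS format rules that the article does not state (letters never include S, L, O, I, B or Z, and the first digit is 1-9); the function names and sample lines are constructed for illustration.

```python
import re

# Assumption beyond the page (CMS format rule): MBI letters never include
# S, L, O, I, B or Z, and the first digit is 1-9.
ALPHA = "AC-HJKMNP-RT-Y"
MBI_RE = re.compile(
    r"(?<![A-Za-z0-9])"                       # not glued to a longer token
    rf"[1-9][{ALPHA}][0-9{ALPHA}][0-9]-?"     # chars 1-4: digit, letter, either, digit
    rf"[{ALPHA}][0-9{ALPHA}][0-9]-?"          # chars 5-7: letter, either, digit
    rf"[{ALPHA}]{{2}}[0-9]{{2}}"              # chars 8-11: letter, letter, digit, digit
    r"(?![A-Za-z0-9])",
    re.IGNORECASE,
)

def find_mbis(text):
    """Return MBI candidates in text, normalised to 11 upper-case characters."""
    return [m.group(0).replace("-", "").upper() for m in MBI_RE.finditer(text)]

def redact(text):
    """Mask every MBI candidate, keeping only the last four characters."""
    return MBI_RE.sub(
        lambda m: "*" * 7 + m.group(0).replace("-", "").upper()[-4:], text
    )

# Constructed sample lines; 1EG4-TE5-MK73 is the specimen quoted in the article.
SAMPLE = [
    "claim 8841 beneficiary 1EG4-TE5-MK73 dos=2023-05-12",
    "mbi=1eg4te5mk73 status=paid",
    "ref 1SG4-TE5-MK73",        # S is never used
    "order 0EG4TE5MK73",        # first digit cannot be 0
    "build 21EG4TE5MK739",      # embedded in a longer token
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(find_mbis(line), "|", redact(line))
```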

CMS Response

The CMS press release stated they "are not aware of any reports of identity fraud or improper use of your information as a direct result of this incident." They advise that you can continue to use your current card to receive services. If CMS determines your MBI was compromised, a new Medicare card with a new number will be issued and mailed to you in the coming weeks.

After receiving your new card, CMS recommends:

  • Follow the instructions in the letter that comes with your new card
  • Destroy your old Medicare card
  • Inform your providers that you have a new Medicare number

What You Can Do If Impacted

Here are five tips for protecting your identity and data:

  1. Sign up for 24/7 credit monitoring and activate two-factor authentication
  2. Never respond to unsolicited requests for information
  3. Regularly review credit card, bank accounts, and loans
  4. Place a free fraud alert on your credit file
  5. Freeze your three primary credit reports

Bottom Line

The Medicare data breach follows other significant breaches, such as those involving NDP and Change Healthcare. It serves as a reminder to be vigilant about checking bank accounts, loan and credit card accounts, and credit reports regularly. Proactive measures are essential for cybersecurity.