Excerpt from Darkreading Article, Published on Sep 09, 2024.
The personal information of almost 1 million Medicare beneficiaries was potentially exposed in a data breach last year when an unauthorized party accessed a file transfer system used for processing medical claims. The breach targeted the MOVEit file-transfer program, a commonly used tool that hackers exploited to steal customer information.
The Centers for Medicare and Medicaid Services (CMS) announced that 946,801 beneficiaries in Wisconsin are being notified that their names, Social Security numbers, hospital account numbers, and insurance claim data may have been compromised between May 27 and May 31, 2023, before the vulnerability was discovered and patched.
CMS and its contractor, Wisconsin Physicians Service Insurance Corp. (WPS), stated that there have been no reports of identity fraud or misuse of the exposed data so far. As a precaution, affected individuals are being offered 12 months of free credit monitoring and identity protection services. Additionally, new Medicare cards will be issued to those whose Medicare Beneficiary Identifier numbers were compromised.
This breach is part of a broader trend of hackers exploiting vulnerabilities in third-party systems. The MOVEit vulnerability allowed attackers to bypass authentication processes, enabling them to intercept encrypted file transfers. CMS, in cooperation with law enforcement and cybersecurity experts, continues to investigate the breach to determine its full impact and prevent future incidents.
To delve deeper into this topic, please read the full article on Darkreading.
