A data breach at a data file sharing service has exposed the personal information of 612,000 Medicare recipients and millions of other health care consumers.
The breach occurred in Progress Software’s MOVEit Transfer software on the corporate network of Maximus Federal Services, one of the Medicare program’s contractors, the Center for Medicare & Medicaid Services (CMS) said in a statement.
Maximus said that up to 11 million people were affected by the breach.
The breach, which occurred in May and was announced by CMS on July 28, involved the personally identifiable information (PII) and protected health information (PHI) of Medicare beneficiaries and/or protected health information.
Specific information that may have been compromised includes names, phone numbers, email addresses, Social Security numbers, healthcare provider and prescription information as well as health insurance claims, CMS said. No CMS or Department of Health and Human Services systems were impacted, the agency added.
CMS and Maximus are sending letters to Medicare beneficiaries who may be impacted by the incident and both are offering free credit monitoring services for two years.
“Data privacy and security are among our top priorities, and we are committed to protecting the data entrusted to us,” Maximus told Kiplinger in a statement. The company said that Maximus and many other companies use MOVEit, and that it is investigating the issue and closely monitoring its systems for any unusual activity.
“To be clear, we have not identified any impact from the MOVEit vulnerability on other parts of our corporate network and remain confident in the integrity of the network,” Maximus said.
Updating security is important
Ani Chaudhuri, CEO at Dasera, a data security firm in Saratoga, California, told Kiplinger that the breach occurred due to an unknown vulnerability in the MOVEit software.
“When the creators of MOVEit announced the vulnerability on May 31, 2023, it was clear the gap allowed unauthorized actors to gain access to MOVEit servers, in this case, compromising sensitive consumer data,” Chaudhuri said.
“Companies like Maximus use [services such as MOVEit] to send, receive and store sensitive information, making them attractive targets for cybercriminals,” he said. “This incident underscores the importance of maintaining robust and updated security measures, regularly auditing software for vulnerabilities, and adopting a proactive approach to data governance.”
"Consumers affected by this breach should stay alert for any phishing attempts, such as email, text, or phone,” said Chris Hauk, who focuses on consumer privacy at Pixel Privacy, an online data protection services company. “The bad actors responsible for the breach or who purchase the information stolen in the breach may use the information they already have to cheat the users out of additional information.”
- New SEC Rules Aim to Curb Investor Costs When Companies Are Hacked
- 7 Smart Moves to Prevent Identity Theft
- Struggling LastPass Suffers New Data Breach. Is Your Account at Risk?
A former Wall Street bond trader, Brian O’Connell is the author of two best-selling books: “The 401k Millionaire” and “CNBC’s Creating Wealth.” His work is bylined in national finance and business platforms such as TheStreet.com, CBS News, The Wall Street Journal, U.S. News & World Report, Forbes, Fox News and many others. His corporate clients have included SoFi, Experian, Prudential, Compliance.ai, Oanda, General Motors, the Kaufman Foundation, PNC, and many others. With 20 years of experience covering business news and trends, particularly in the business and financial sectors, he believes education is the best gift a financial consumer can receive – and brings that philosophy to every story he writes. Brian is a graduate of the University of Massachusetts, and currently resides in Palmas del Mar, Puerto Rico during the winter months, and in historic Bucks County, Pa., when Mother Nature cooperates.
Single? Married? How Relationship Status Impacts Your Money Mindset
Single? Married? Divorced? Widowed? How your Relationship status impacts your money mindset.
By Kathryn Pomroy Published
Five Things to Do Before December 31 to Come Up with Extra Cash
Need some extra cash ahead of the holidays? Here are five easy ways to up your purchasing power before year-end.
By Emma Patch Published