Be on the lookout for a letter from Medicare & Medicaid Services (CMS). The government agency that provides medical insurance for more than 67 million Americans 65 and older is notifying Medicare beneficiaries that they may have been part of a data breach in which fake accounts were created in their names.
In a press release issued Monday, CMS said it had identified suspicious activity related to the unauthorized creation of certain beneficiary online accounts using personal information obtained from unknown external sources.
CMS reported that roughly 103,000 beneficiaries might have been affected by the recent data breach. The agency is currently mailing notifications to the individuals, informing them of the incident and outlining steps they can take to protect their personal information.
From just $107.88 $24.99 for Kiplinger Personal Finance
Be a smarter, better informed investor.
Sign up for Kiplinger’s Free Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.
Profit and prosper with the best of expert advice - straight to your e-mail.
How the Medicare breach happened
On May 2, 2025, CMS’s 1-800-MEDICARE call center began receiving inquiries from beneficiaries regarding letters they received confirming Medicare.gov accounts had been created in their names, the agency said. However, the beneficiaries hadn't created the accounts.
CMS launched an investigation and found malicious actors had fraudulently created new accounts between 2023 and 2025 using valid beneficiary information, including Medicare Beneficiary Identifiers (MBI), coverage start date, last name, date of birth, and zip code.
Once these unauthorized accounts were established, bad actors may have accessed additional beneficiary data, including the following:
-Provider information
-Mailing address
-Dates of service
-Diagnosis codes
-Services received
-Plan premium details
What CMS is doing
CMS said it is not aware of any reports of identity fraud or misuse of the information due to this fraudulent activity, but said out of an abundance of caution, it is taking steps to safeguard beneficiaries' information, including:
-Deactivating all fraudulently created Medicare.gov accounts
-Disabling the ability to create new Medicare.gov accounts from foreign IP addresses to prevent further exploitation
-Continuing to monitor claims data for any suspicious activity and replacing MBIs for affected individuals
-Mailing new Medicare cards with new MBIs to beneficiaries as needed
What you can do
If you receive a letter in the mail from CMS, review your Medicare Summary Notices and Explanation of Benefits and see if you spot any unfamiliar charges or services. Report any suspicious activity to 1-800-MEDICARE (1-800-633-4227) or the Office of Inspector General at oig.hhs.gov/fraud/report-fraud/. It's also important to obtain a free annual credit report through www.annualcreditreport.com or by calling 1-877-322-8228.
If you are a victim of identity theft or fraud, file reports with local law enforcement and/or the Federal Trade Commission by phone at 1-877-IDTHEFT (1-877-438-4338) or online at www.ftc.gov/idtheft if any identity theft concerns arise.
Why hackers go after Medicare
Medicare is a prime target for hackers because of the information they can steal to use for identity theft and financial gain. With stolen Medicare information, bad actors can file fake claims for health care services, medicine and supplies, which cost the government and individuals money.
Medicare information includes a lot of personal identifying data such as names, addresses, birthdates and Social Security numbers. Hackers can use this information to steal a person’s identity, open credit cards in their name, hack into their bank accounts, or take other actions for financial gain. They can even use Medicare information to commit insurance fraud.
The best way to protect your Medicare number is to treat it like a credit card and be careful with whom you share it. Make sure to regularly review your statements, and if you spot any suspicious activity, report it immediately.
Related content
-
How Different Generations Invest and What They Can Teach YouBoomers, Gen Xers, millennials and Gen Zers are taking varying approaches to investing. Here's what they're doing and key lessons you can learn from them.
-
What One Widow's Ordeal Teaches Us About Marriage and MoneyA man charmed a 72-year-old widow into marriage, and then her accounts were seized to pay off his debts, highlighting the importance of background checks on potential spouses as well as prenuptial agreements.
-
What One Widow's Ordeal Teaches Us About Marriage and Money
A man charmed a 72-year-old widow into marriage, and then her accounts were seized to pay off his debts, highlighting the importance of background checks on potential spouses as well as prenuptial agreements.
-
Are You Getting a Gray Divorce? These Six Financial Strategies Come From a Financial PlannerManaging an equitable division of assets, selling a home, negotiating alimony and splitting retirement accounts are among the money matters that weigh as heavily as emotional issues.
-
How to Navigate Your Finances After Losing Your Spouse: Thoughts From a Financial PlannerIt's important you get involved in financial planning now so you're prepared and confident to make decisions when you potentially become your own financial manager.
-
I'm 63 With an Aging House That Needs Repairs, but I Might Move to a Retirement Community In a Few Years. Is It Worth Making Those Fixes?We ask financial experts for advice.
-
The 'Ted Lasso' Effect: A Positive Outlook Really Can Strengthen Your Retirement PlanOptimism like that of the fictional soccer coach can surprisingly improve your retirement planning by encouraging better saving habits and a more positive outlook on your financial future.
-
Your Golden Years Just Got a Tax Break, But There's a CatchDon't fall for the 'tax-free Social Security' headlines. The OBBB offers a temporary tax deduction for certain retirees, which is different from eliminating taxes on benefits entirely — and it doesn't solve Social Security's long-term funding issues.
-
The Five Best Cruise Lines for RetireesRetirement is an ideal time for cruising. Check out the five best cruise lines for comfort, ease, and unforgettable experiences.
-
I'm a Retirement Coach: Eight Surprising Signs You're Ready to RetireYou've met your savings goal, your friends are having fun without you, your boss is mean to you, and your kids are grown and gone. What are you waiting for?
