Medicare beneficiaries alerted to contractor data breach 

Jul 28, 2023 - 03:17 PM
cybersecurity-hand-lock-graphic_900x400

A May data breach involving MOVEit Transfer software on Medicare contractor Maximus Federal Services’ corporate network may have exposed an estimated 612,000 Medicare beneficiaries’ personally identifiable information and/or protected health information, the Centers for Medicare & Medicaid Services announced July 28. CMS and Maximus are sending letters to affected individuals, who can obtain a free credit report. Those whose Medicare beneficiary number was affected also will receive a new Medicare card.
 
John Riggi, AHA’s national advisor for cybersecurity and risk, said, “The compromise of the MOVEit secure file transfer has been attributed to the Russian ransomware gang known as Clop and has struck multiple government and private-sector organizations, including health care organizations. These attacks demonstrate our cyber adversaries strategic targeting of those third-party applications and services that provide the broadest access to networks and sensitive data. As a result, we should identify and apply enhanced security and monitoring controls to these systems. These attacks also demonstrate that no organization is immune from data breaches, and the enormous complexity in managing third- and fourth-party cyber risk. We look forward to continuing to work with the federal government in the exchange of cyberthreat intelligence and risk mitigation practices to help defend against our common cyber adversaries.” 

Related News Articles

Headline
NSA report includes recommendations for OT device security
The National Security Agency April 23 released a report on operational technology systems that includes recommendations for security policies and technical…
Chairperson's File
Chair File: Leadership Dialogue — Cybersecurity in Health Care with John Riggi, AHA’s National Advisor for Cybersecurity and Risk
Public
Cybersecurity and physical threats are unfortunately significant enterprise risks for health care, regardless of size or location. Every hospital, physician…
Headline
CISA releases guidance following reported legacy Oracle cloud breach
The Cybersecurity and Infrastructure Security Agency April 17 released guidance to reduce risks associated with a reported breach of Oracle cloud services.…
Headline
Agencies issue guidance on navigating deceptive online recruitment of current and former federal employees
The National Counterintelligence and Security Center, the FBI, and the Defense Counterintelligence and Security Center yesterday released guidance on…
AHA Cyber Intel
[Updated] 3 Must-know Cyber and Risk Realities: What’s Ahead for Health Care in 2025
While the rate of cyberattacks on hospitals has risen dramatically, the severity of the impacts has also grown exponentially. Let’s look at the state of cyber…
Headline
House subcommittee holds hearing on cybersecurity vulnerabilities in legacy medical devices
The House Energy and Commerce Oversight and Investigations Subcommittee April 1 discussed cybersecurity threats in legacy medical devices during a hearing. The…