Medicare beneficiaries alerted to contractor data breach 

Jul 28, 2023 - 03:17 PM
cybersecurity-hand-lock-graphic_900x400

A May data breach involving MOVEit Transfer software on Medicare contractor Maximus Federal Services’ corporate network may have exposed an estimated 612,000 Medicare beneficiaries’ personally identifiable information and/or protected health information, the Centers for Medicare & Medicaid Services announced July 28. CMS and Maximus are sending letters to affected individuals, who can obtain a free credit report. Those whose Medicare beneficiary number was affected also will receive a new Medicare card.
 
John Riggi, AHA’s national advisor for cybersecurity and risk, said, “The compromise of the MOVEit secure file transfer has been attributed to the Russian ransomware gang known as Clop and has struck multiple government and private-sector organizations, including health care organizations. These attacks demonstrate our cyber adversaries strategic targeting of those third-party applications and services that provide the broadest access to networks and sensitive data. As a result, we should identify and apply enhanced security and monitoring controls to these systems. These attacks also demonstrate that no organization is immune from data breaches, and the enormous complexity in managing third- and fourth-party cyber risk. We look forward to continuing to work with the federal government in the exchange of cyberthreat intelligence and risk mitigation practices to help defend against our common cyber adversaries.” 

Related News Articles

Headline
Virtual event to focus on cyber incident response and recovery
The Health Sector Coordinating Council Cyber Working Group and Health-ISAC (Information Sharing and Analysis Center) will host a joint cybersecurity event July…
Headline
Medical technology company Stryker disrupted globally by cyberattack
Stryker, a medical technology company that provides services and products for hospitals, was disrupted globally by a cyberattack, the company announced March…
Headline
White House issues executive order addressing cybercrime by threat groups
The White House issued an executive order March 6 to combat cybercrimes by threat groups. The order highlights how such groups can receive willing or…
Headline
ASPR releases cybersecurity module to conduct risk assessments 
The Administration for Strategic Preparedness and Response has released a new cybersecurity module for organizations to conduct risk assessments. The free…
Perspective
Staying Cyber Alert and Cyber Ready
Public
As the world has learned in recent years, today’s conflicts are fought with many weapons, and cyber warfare is an integral part of the arsenal.As of this…
Headline
FBI reminds of potentially malicious activity by Iranian cyber actors
The FBI is reminding critical infrastructure organizations to implement mitigations from a June 2025 fact sheet on potential actions by Iranian-affiliated…