(The Epoch Times)—The Social Security numbers of nearly one million Medicare beneficiaries may have been exposed in a data breach linked to a vulnerability in software used by a Medicare contractor in Wisconsin, the federal government has announced.
The Centers for Medicare & Medicaid Services (CMS) said in a Sept. 6 news release that a data breach at Wisconsin Physicians Service Insurance Corp. (WPS), one of its contractors, may have exposed the personal information of 946,801 Medicare beneficiaries. The exposed information includes not only names and Social Security numbers but also taxpayer identification numbers, Medicare Beneficiary Identifiers, dates of birth, addresses, and hospital account numbers.
The breach occurred between May 27 and May 31, 2023, due to a vulnerability in MOVEit, a third-party software developed by Progress Software, which WPS used to transfer files as part of the Medicare claims process.
The breach was first disclosed publicly by Progress Software on May 31, 2023, and a patch to address the vulnerability was released soon after. However, a subsequent investigation by WPS in May 2024 uncovered new evidence that unauthorized third parties had accessed and copied files containing sensitive information before the patch was applied.
On July 8, 2024, WPS notified CMS that some of the affected files contained personal information including Social Security numbers, which can be damaging if exploited, as it opens the door to identity theft and fraud.
“At this time, we are not aware of any reports of identity fraud or improper use of your information as a direct result of this incident,” CMS and WPS stated in a notification letter to those affected.
CMS said it’s working with law enforcement and cybersecurity consultants to safeguard the personal information of Medicare beneficiaries.
The agency also emphasized that beneficiaries’ Medicare coverage or benefits have not been impacted by the breach. New Medicare cards with updated Medicare Beneficiary Identifiers will be issued to those whose identifiers have been compromised. CMS advised beneficiaries to continue using their current cards until they receive new ones in the mail.
WPS, in coordination with CMS and law enforcement, is continuing to investigate the breach. The contractor has offered affected individuals 12 months of free credit monitoring and identity protection services, according to the agency.
The MOVEit vulnerability, first discovered in May 2023, has had widespread impacts, affecting both government and private organizations. The Cybersecurity and Infrastructure Security Agency (CISA) reported on June 15 that multiple federal agencies were compromised due to this vulnerability in the widely used file transfer software.
The online extortion group Cl0p claimed responsibility for the breach reported by CISA but stated they would not use the stolen data from government agencies.
What Would You Do If Pharmacies Couldn’t Provide You With Crucial Medications or Antibiotics?
The medication supply chain from China and India is more fragile than ever since Covid. The US is not equipped to handle our pharmaceutical needs. We’ve already seen shortages with antibiotics and other medications in recent months and pharmaceutical challenges are becoming more frequent today.
Our partners at Jase Medical offer a simple solution for Americans to be prepared in case things go south. Their “Jase Case” gives Americans emergency antibiotics they can store away while their “Jase Daily” offers a wide array of prescription drugs to treat the ailments most common to Americans.
They do this through a process that embraces medical freedom. Their secure online form allows board-certified physicians to prescribe the needed drugs. They are then delivered directly to the customer from their pharmacy network. The physicians are available to answer treatment related questions.