By Karen Courtney, Program Director, CareWell Services.
The following press release was issued July 31, 2023. Be sure to open any mail you receive from CMS or Maximus.
CMS Responding to Data Breach at Contractor
CMS Notifying Potentially Involved Beneficiaries and Providing Information on Free Credit Monitoring
The Department of Health and Human Services (HHS) and the Centers for Medicare & Medicaid Services (CMS) have responded to a May 2023 data breach in Progress Software’s MOVEit Transfer software on the corporate network of Maximus Federal Services, Inc. (Maximus), a contractor to the Medicare program, that involved Medicare beneficiaries’ personally identifiable information (PII) and/or protected health information (PHI). No HHS or CMS systems were impacted. Maximus is among the many organizations in the United States that have been impacted by the MOVEit vulnerability. This week, CMS and Maximus are sending letters to individuals who may have been impacted notifying them of the breach, and explaining actions being taken in response. CMS estimates the MOVEit breach impacted approximately 612,000 current Medicare beneficiaries.
CMS and Maximus are notifying Medicare beneficiaries whose PII and/or PHI may have been exposed that they are being offered free-of-charge credit monitoring services for 24 months. This notification also contains information about how impacted individuals can obtain a free credit report, and, for those beneficiaries whose Medicare Beneficiary Identifier number may have been impacted, information on receiving a new Medicare card with a new number.
Note that impacted clients will be informed via letter. Do NOT give any of your information to anyone who reaches out to you about this breach via email, text, or calls! If you receive a notification and have questions or concerns just call MMAP at 803-7174.
