Responding to Data Breach at Contractor | CMS – CMS
The Department of Health and Human Services (HHS) and the Centers for Medicare & Medicaid Services (CMS) have responded to a May 2023 data breach in Progress Softwares MOVEit Transfer software on the corporate network of Maximus Federal Services, Inc. (Maximus), a contractor to the Medicare program, that involved Medicare beneficiaries personally identifiable information (PII) and/or protected health information (PHI). No HHS or CMS systems were impacted. Maximus is among the many organizations in the United States that have been impacted by the MOVEit vulnerability. This week, CMS and Maximus are sending letters to individuals who may have been impacted notifying them of the breach, and explaining actions being taken in response. CMS estimates the MOVEit breach impacted approximately 612,000 current Medicare beneficiaries.
CMS and Maximus are notifying Medicare beneficiaries whose PII and/or PHI may have been exposed that they are being offered free-of-charge credit monitoring services for 24 months. This notification also contains information about how impacted individuals can obtain a free credit report, and, for those beneficiaries whose Medicare Beneficiary Identifier number may have been impacted, information on receiving a new Medicare card with a new number.
Below please find a sample of the letter being sent to those who are potentially affected:
Dear <
The Centers for Medicare & Medicaid Services (CMS), the federal agency that manages the Medicare program, and Maximus Federal Services, Inc. (Maximus), are writing to inform you of an incident involving your personal information related to services provided by Maximus. Maximus is a CMS contractor that provides appeals services in support of the Medicare program.
The incident involved a security vulnerability in the MOVEit software, a third-party application which allows for the transfer of files during the Medicare appeals process. Maximus is among the many organizations in the United States that have been impacted by the MOVEit vulnerability.
We are sending you this letter so that you can understand more about this incident, how we are addressing it, and additional steps you can take to further protect your privacy. We are providing information with this notice on free credit monitoring services and, if your Medicare Beneficiary Identifier (MBI) was impacted, will be giving you a new Medicare card with a new Medicare Number. This does not impact your current Medicare benefits or coverage.
What Happened?
Our understanding is as follows: On May 30, 2023, Maximus detected unusual activity in its MOVEit application. Maximus began to investigate and stopped all use of the MOVEit application early on May 31, 2023. Later that same day, the third-party application provider, Progress Software Corporation, announced that a vulnerability in its MOVEit software had allowed an unauthorized party to gain access to files across many organizations in both the government and private sectors.
Maximus notified CMS of the incident on June 2, 2023. To date, the ongoing investigation indicates that on approximately May 27 through 31, 2023, the unauthorized party obtained copies of files that were saved in the Maximus MOVEit application, but that no CMS system has been compromised. After notifying CMS, Maximus then began to analyze the files to determine which data had been affected. As part of that analysis, it was determined that those files contained some of your personal information.
What Information Was Involved?
We have determined that your personal and Medicare information was involved in this incident. This information may have included the following:
What Are We Doing?
When the incident was discovered, Maximus began an investigation, took the MOVEit application offline, applied MOVEit software patches, and notified law enforcement. CMS is continuing to investigate this incident in coordination with Maximus and will take all appropriate actions to safeguard the information entrusted to CMS.
What Can You Do?
Maximus is offering a complimentary 24 months of credit monitoring and other services from Experian at no cost to you. You do not need to use your credit card or any other form of payment to enroll in the service.
Please see Attachment #1 for information on how to utilize your free Experian Services.
Under federal law, you are entitled to one free credit report every 12 months from each of the three major nationwide credit reporting companies listed above. Call 1-877-322-8228 or request your free credit reports online at http://www.annualcreditreport.com. When you receive your credit reports, review them for problems. Identify any accounts you didnt open or inquiries from creditors that you did not authorize. Verify all information is correct. If you have questions or notice incorrect information, contact the credit reporting company.
Even if you dont find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you still check your credit reports periodically. Checking your credit report periodically can help you spot problems and address them quickly.
If you find suspicious activity on your credit reports or have reason to believe your information is being misused, call your local law enforcement agency and file a police report. Be sure to obtain a copy of the police report, as many creditors will want the information it contains to absolve you of the fraudulent debts. You may also file a complaint with the FTC by contacting them on the web at http://www.ftc.gov/idtheft, by phone at 1-877-IDTHEFT (1-877-438-4338), or by mail at Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580. Your complaint will be added to the FTCs Identity Theft Data Clearinghouse, where it will be accessible to law enforcement for their investigations. In addition, you may obtain information from the FTC about fraud alerts and security freezes.
Please see Attachment #2 for additional steps you can take to protect your information.
At this time, we are not aware of any reports of identity fraud or improper use of your information as a direct result of this incident. However, if your MBI was impacted, a new Medicare card with a new number will be issued to you. CMS will mail the new card to your address in the coming weeks. In the meantime, you can continue to use your existing Medicare card. After you get your new card, you should:
For More Information
We take the privacy and security of your Medicare information very seriously. CMS and Maximus apologize for the inconvenience this privacy incident might have caused you.
If you have any further questions regarding this incident, please call the Experian dedicated and confidential toll-free response line at xxx-xxx-xxxx. This response line is staffed with professionals familiar with this incident who know what you can do to protect against misuse of your information. The response line is available Monday through Friday from 8 am 10 pm Central, or Saturday and Sunday from 10 am 7 pm Central (excluding major U.S. holidays).
You can also call 1-800-MEDICARE (1-800-633-4227) with any general questions or concerns about Medicare.
###
Get CMS news at cms.gov/newsroom, sign up for CMS news via emailand follow CMS on Twitter @CMSgov
Read more here:
Responding to Data Breach at Contractor | CMS - CMS
- KIA installs free anti-theft software this weekend in St. Louis area - KSDK.com - April 28th, 2024 [April 28th, 2024]
- KIA installing free anti-theft software to impacted car owners - WHAS11.com - April 28th, 2024 [April 28th, 2024]
- Free Windows Apps and Software for PC Gamers to Take Gaming to the Next Level - Gizchina.com - April 28th, 2024 [April 28th, 2024]
- Best survey tool of 2024 - TechRadar - April 28th, 2024 [April 28th, 2024]
- Grand Rapids Police and Hyundai Offer Free Anti-Theft Software Upgrades Amid Vehicle Theft Wave - Hoodline - April 26th, 2024 [April 26th, 2024]
- Blueprint Software Systems Announces Free Trial for RPA Analytics Solution - PR Web - April 26th, 2024 [April 26th, 2024]
- Houston Police, Hyundai to host free anti-theft security event for vehicle owners - Houston Public Media - April 26th, 2024 [April 26th, 2024]
- Descartes Systems buys Aerospace Software Developments Winnipeg Free Press - Winnipeg Free Press - April 26th, 2024 [April 26th, 2024]
- Kia offers free software upgrades in Cleveland this weekend - WKYC.com - April 20th, 2024 [April 20th, 2024]
- Free software lets you design and test warp drives with real physics - New Atlas - April 20th, 2024 [April 20th, 2024]
- Clinic offering free Kia software updates continuing through weekend - Yahoo! Voices - April 20th, 2024 [April 20th, 2024]
- Hyundai providing free anti-theft software installation this weekend at Greenspoint Mall - KHOU.com - April 20th, 2024 [April 20th, 2024]
- Kia offers free software upgrades in Cleveland this weekend: How to get yours - WKYC.com - April 20th, 2024 [April 20th, 2024]
- Hyundai providing free anti-theft software installion in Houston - KHOU.com - April 20th, 2024 [April 20th, 2024]
- Kia gives free software upgrades this weekend at the Cleveland Aquarium - WKYC.com - April 20th, 2024 [April 20th, 2024]
- Ubuntu Studio in new LTS beta; still the easiest creative Linux distro - CDM Create Digital Music - Create Digital Music - April 20th, 2024 [April 20th, 2024]
- Free anti-theft software upgrades available for Central Texas Hyundai drivers - KEYE TV CBS Austin - March 15th, 2024 [March 15th, 2024]
- How to get free help with income tax prep, or free software | Business | postandcourier.com - The Post and Courier - February 23rd, 2024 [February 23rd, 2024]
- Best encryption software of 2024 - TechRadar - February 23rd, 2024 [February 23rd, 2024]
- The best free VPN in 2024 - TechRadar - February 23rd, 2024 [February 23rd, 2024]
- AI imaging software generates a gallery of stereotypes, says Univ. of ... - GeekWire - November 28th, 2023 [November 28th, 2023]
- Roku's free update that makes it easier to find new shows and ... - TechRadar - November 28th, 2023 [November 28th, 2023]
- How To Find Alternatives To ChatGPT Forbes Advisor UK - Forbes - November 28th, 2023 [November 28th, 2023]
- How To Find Alternatives To ChatGPT Forbes Advisor Australia - Forbes - November 28th, 2023 [November 28th, 2023]
- Assassin's Creed Syndicate is now free to keep on Ubisoft Connect - OC3D - November 28th, 2023 [November 28th, 2023]
- Google Confirms Its Schedule for Disabling Third-Party Cookies in ... - Slashdot - November 28th, 2023 [November 28th, 2023]
- Tata Consultancy Services Ordered To Cough Up $210 Million In ... - Slashdot - November 28th, 2023 [November 28th, 2023]
- Meta Knowingly Collected Data on Pre-Teens, Unredacted ... - Slashdot - November 28th, 2023 [November 28th, 2023]
- US, Britain, Other Countries Ink Agreement To Make AI 'Secure by ... - Slashdot - November 28th, 2023 [November 28th, 2023]
- Plex Users Fear New Feature Will Leak Porn Habits To Their ... - Slashdot - November 28th, 2023 [November 28th, 2023]
- This free software converts drone videos into 2D maps in minutes! - DroneDJ - November 14th, 2023 [November 14th, 2023]
- How 'Hour of Code' Will Teach Students About Issues with AI - Slashdot - November 14th, 2023 [November 14th, 2023]
- Nothing is Bringing iMessage To Its Android Phone - Slashdot - November 14th, 2023 [November 14th, 2023]
- How To Build A WordPress Website In 9 Steps - Forbes - November 1st, 2023 [November 1st, 2023]
- Best Adobe Acrobat free alternatives - PC Guide - For The Latest PC Hardware & Tech News - November 1st, 2023 [November 1st, 2023]
- Monday.com Pricing and Plans 2023 Forbes Advisor Canada - Forbes - November 1st, 2023 [November 1st, 2023]
- PIRG Petitions Microsoft To Extend the Life of Windows 10 - Slashdot - November 1st, 2023 [November 1st, 2023]
- Kidsoft launches free calculator to simplify "Free Kindy" fee working - The Sector - November 1st, 2023 [November 1st, 2023]
- Drugmakers Are Set To Pay 23andMe Millions To Access Consumer ... - Slashdot - November 1st, 2023 [November 1st, 2023]
- Biden Signs Executive Order To Oversee and Invest in AI - Slashdot - November 1st, 2023 [November 1st, 2023]
- Meta's Next AI Attack on OpenAI: Free Code-Generating Software - The Information - August 18th, 2023 [August 18th, 2023]
- Millions of Samsung Galaxy S23 users just got a sweet free software ... - Yahoo Life - August 18th, 2023 [August 18th, 2023]
- Red Hat unlikely to be standard for enterprise Linux in future, says ... - iTWire - August 18th, 2023 [August 18th, 2023]
- Observing Basics: Astrophotography without a scope | Astronomy.com - Astronomy Magazine - August 18th, 2023 [August 18th, 2023]
- Chattanooga trucking and logistics companies are among the fastest ... - Chattanooga Times Free Press - August 18th, 2023 [August 18th, 2023]
- How Google is Planning To Beat OpenAI - Slashdot - August 18th, 2023 [August 18th, 2023]
- Tesla Says It Will Build New 'First of Its Kind' Data Centers - Slashdot - August 18th, 2023 [August 18th, 2023]
- Bank of Ireland IT Blunder Allows Customers To Withdraw More ... - Slashdot - August 18th, 2023 [August 18th, 2023]
- LK-99 Isn't a Superconductor - How Science Sleuths Solved the ... - Slashdot - August 18th, 2023 [August 18th, 2023]
- Mayor Bowser Announces Hyundai Anti-Theft Mobile Clinic | mayormb - Executive Office of the Mayor - July 30th, 2023 [July 30th, 2023]
- Five Auburn Alumni Receive Award for Work to Advance Tax Prep ... - CPAPracticeAdvisor.com - July 30th, 2023 [July 30th, 2023]
- Codeiums Varun Mohan and Jeff Wang on Unleashing the Power of ... - Nvidia - July 30th, 2023 [July 30th, 2023]
- Banner Health provides free concussion baseline testing for every ... - Queen Creek Sun Times - July 30th, 2023 [July 30th, 2023]
- Hugging Face, GitHub and More Unite To Defend Open Source in ... - Slashdot - July 30th, 2023 [July 30th, 2023]
- Lindsey Graham and Elizabeth Warren: When It Comes To Big Tech ... - Slashdot - July 30th, 2023 [July 30th, 2023]
- Best Dogecoin Casinos & Gambling Sites Ranked by DOGE Bonuses, Games, and More - The Hudson Reporter - July 2nd, 2023 [July 2nd, 2023]
- GCC Steering Committee Announces a Code of Conduct - Slashdot - July 2nd, 2023 [July 2nd, 2023]
- AI Predicts Diseases, Advancing Toward HIV Cure, Acquisitions ... - Bio-IT World - July 2nd, 2023 [July 2nd, 2023]
- WISeKey upgrades its WISeID digital identity and privacy platform - Help Net Security - July 2nd, 2023 [July 2nd, 2023]
- FBI Forms National Database To Track and Prevent 'Swatting' - Slashdot - July 2nd, 2023 [July 2nd, 2023]
- BYU Library offers free software classes - The Daily Universe - Universe.byu.edu - June 16th, 2023 [June 16th, 2023]
- Free Streaming Software Market to Witness an Outstanding Growth ... - The Bowman Extra - June 16th, 2023 [June 16th, 2023]
- How to build a virtual studio for free with free plugins and music ... - MusicRadar - June 16th, 2023 [June 16th, 2023]
- Battlebit Remastered Price - Is it free? - PC Guide - For The Latest PC Hardware & Tech News - June 16th, 2023 [June 16th, 2023]
- How to Install the iPadOS 17 Developer Beta on Your iPad for Free - MacRumors - June 16th, 2023 [June 16th, 2023]
- Human Resources Software: 4 HR Tools for Small Businesses - CO by the U.S. Chamber of Commerce - June 16th, 2023 [June 16th, 2023]
- YouTube Tells Open-Source Privacy Software 'Invidious' to Shut Down - Slashdot - June 16th, 2023 [June 16th, 2023]
- Arctic Could Be Sea Ice-Free in the Summer by the 2030s - Slashdot - June 16th, 2023 [June 16th, 2023]
- The IRS Will Test Out Its Own Free Tax Prep Software in 2024 - Money - May 20th, 2023 [May 20th, 2023]
- The IRS is working on software to allow taxpayers to file online - NPR - May 20th, 2023 [May 20th, 2023]
- RIB Software launches free-to-use RIB Carbon Quantifier for ... - GlobeNewswire - May 20th, 2023 [May 20th, 2023]
- Read the letter: Twitter accuses Microsoft of using its data in unauthorized ways - CNBC - May 20th, 2023 [May 20th, 2023]
- Police Facial Recognition Technology Can't Tell Black People Apart - Scientific American - May 20th, 2023 [May 20th, 2023]
- Porsche Taycan Gets EV Charging Station Finder in Apple Maps - Car and Driver - May 20th, 2023 [May 20th, 2023]
- Tesla to roll out free Full Self-Driving software, but there's a catch. Know here - HT Auto - May 20th, 2023 [May 20th, 2023]
- Meta Made Its AI Tech Open-Source. Rivals Say Its a Risky Decision. - The New York Times - May 20th, 2023 [May 20th, 2023]
- Generative AI needs guardrails as businesses add it to software ... - CIO Dive - May 20th, 2023 [May 20th, 2023]
- You may not care where you download software from, but malware ... - We Live Security - May 20th, 2023 [May 20th, 2023]
- International cooperation and the challenge of internet accessibility ... - BMC Medical Education - May 20th, 2023 [May 20th, 2023]
- IRS Might Make Tax Season a Whole Lot Easier - The Journal ... - The Wall Street Journal - May 20th, 2023 [May 20th, 2023]