CMS warns nearly 1 million Medicare members of 2023 MOVEit breach

September 19, 2024
1 min read

TLDR:

  • 946,801 Medicare beneficiaries notified of May 2023 MOVEit breach
  • Protected health and personal information compromised

In September 2024, the Centers for Medicare & Medicaid Services (CMS) disclosed that nearly a million Medicare beneficiaries were impacted by the May 2023 MOVEit breach. The breach, affecting a third-party contractor managing Medicare claims, exposed protected health information and personally identifiable data. Despite efforts to patch the zero-day vulnerability, the Clop ransomware gang exploited the system, stealing Medicare beneficiaries’ names, Social Security Numbers, dates of birth, and more.

WPS, the contractor, confirmed the breach and launched investigations to determine the extent of the data exposure. Measures are being taken to address the breach, including providing credit monitoring services and new Medicare cards to potentially affected individuals. While there is no evidence of misuse of the stolen information, CMS continues to work with cyber forensics experts and law enforcement to investigate the incident.

The MOVEit breach highlights the ongoing threat posed by zero-day vulnerabilities and underscores the need for organizations to implement a defense-in-depth strategy to mitigate such risks. CMS has apologized for any inconvenience caused by the breach and is taking steps to ensure the security and privacy of affected Medicare beneficiaries.

Latest from Blog

Top 20 Linux Admin Tools for 2024

TLDR: Top Linux Admin Tools in 2024 Key points: Linux admin tools streamline system configurations, performance monitoring, and security management. Popular Linux admin tools include Webmin, Puppet, Zabbix, Nagios, and Ansible. Summary

Bogus job tempts aerospace, energy workers

TLDR: A North Korean cyberespionage group is posing as job recruiters to target employees in aerospace and energy sectors. Mandiant reports that the group uses fake job descriptions stored in malicious archives