The personal health information of 612,000 Medicare beneficiaries has been breached from CMS contractor Maximus Federal Services.
The breach resulted from a vulnerability in the MOVEit software that has also been responsible for third-party breaches at health systems across the country. An unauthorized party gained access to the Maximus files between May 27 and May 31, according to a July 28 CMS news release.
The information involved in the breach:
- Name
- Social Security number or taxpayer identification number
- Date of birth
- Mailing address
- Telephone number and email address
- Medicare beneficiary number or health insurance claim number
- Driver's license number and state identification number
- Medical history notes
- Healthcare provider and prescription information
- Health insurance claim and policy information
- Health benefits and enrollment information
CMS is notifying affected beneficiaries via letter and providing free credit monitoring services.