CMS warns beneficiaries of possible data breach due to Blue Button 2.0 API error

CMS discovered a data anomaly within its Blue Button 2.0 application program interface on Dec. 4 that could have exposed members' protected health information.

The vulnerability in the BB2.0 codebase caused some beneficiaries' information to be inadvertently shared with other beneficiaries. Medicare members use BB2.0 to authorize third-party applications to access their claims data. The system works by creating a unique identification number for each member. However, an error caused members to be assigned the same numbers.

After discovering the error, CMS disabled BB2.0 services. It's unclear when the API will be restored. Fewer than 10,000 beneficiaries were said to have been affected, along with 30 applications.

CMS said that there is no evidence that an unauthorized third party caused the error or that the integrity of the system has been compromised.

"CMS is taking several steps to address these takeaways. The BB2.0 team has implemented an enhanced quality review and validation process to ensure code issues like this one are caught before new code is committed to BB2.0 or any CMS API. The team is implementing additional monitoring and alerting for BB2.0. This will enhance CMS' ability to track BB2.0's use," CMS said in a release.


Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 
