Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

CMS Subcontractor Breach Potentially Exposes Sensitive Data of 254,000 Customers

The Centers for Medicare and Medicaid said the breach involved a subcontractor that appears to have violated its obligations to the agency.

Personal data including bank routing and account information for 254,000 individuals may have been exposed during a ransomware attack on an agency subcontractor, according to the Centers for Medicare and Medicaid.

The subcontractor—Healthcare Management Solutions LLC (HMS)—is operating under a contract with ASRC Federal Data Solutions LLC to resolve “system errors related to Medicare beneficiary entitlement and premium payment records,” and “support the collection of Medicare premiums from the direct-paying beneficiary population,” CMS said in a press release Wednesday. 

“The safeguarding and security of beneficiary information is of the utmost importance to this agency,” CMS Administrator Chiquita Brooks-LaSure said in the press release. “We continue to assess the impact of the breach involving the subcontractor, facilitate support to individuals potentially affected by the incident, and will take all necessary actions needed to safeguard the information entrusted to CMS.”

The attack occurred on Oct. 8, according to a sample letter CMS said it is sending to the potentially affected beneficiaries “this week.” The next day, CMS said it “was notified that the subcontractor’s systems had been subject to a cybersecurity incident but CMS systems were not involved,” according to the letter, which adds CMS later determined—on Oct. 18—with “high confidence” that the incident potentially included the sensitive information. 

“Initial information indicates that HMS acted in violation of its obligations to CMS, and CMS continues to investigate the incident,” the letter reads. 

In addition to the banking information, the breach may have included the beneficiaries’ name, address, date of birth, social security number and Medicare Beneficiary Identifier, as well as Medicare entitlement, enrollment and premium information.  

CMS’ letter to the Medicare beneficiaries said the agency is unaware of identity fraud or their information being improperly used “as a direct result of this incident,” but that “out of an abundance of caution,” the agency will be issuing them a new Medicare card with a new number within the coming weeks. Beneficiaries can continue using their existing cards during the interim, the letter said.   

The agency also provided instructions for obtaining free credit monitoring services from Equifax.

CMS has not responded to a request for comment regarding the contractors’ cybersecurity measures or their compliance with any related requirements.

Copyright 2021 Associated Press. All rights reserved.

Source: https://www.nextgov.com/cybersecurity/2022/12/cms-subcontractor-breach-potentially-exposes-sensitive-data-254000-customers/380934/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

Agency resources are intended to address the longstanding challenges health systems and hospitals have faced from increasingly advanced cyberattacks. The Cybersecurity and Infrastructure Security...

Cyber Security

The agency is utilizing a relaunched cybersecurity coordination center and additional programs to significantly ramp up interactions with key partners, a top official said....

Cyber Security

How a cornerstone cybersecurity program has evolved from information collection to active defense. The Cybersecurity and Infrastructure Security Agency has used its Continuous Diagnostics...

Cyber Security

Cybercriminals are increasingly leveraging extreme weather events to launch attacks on critical infrastructure sectors. Cybersecurity experts say critical infrastructure operators can leverage a set...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO