Medicare data breach affects up to 254,000 beneficiaries

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

Medicare data breach overview: 

• Who: A data breach may have exposed the personal and health information of up to 254,000 Medicare beneficiaries. 
• Why: The breach occurred at a federal subcontractor, Healthcare Management Solutions.
• Where: The data breach affects Medicare beneficiaries across the United States.

A recent data breach may have exposed the personally identifiable information and protected health information of up to 254,000 Medicare beneficiaries.

On Dec. 14, The Centers for Medicare & Medicaid Services (CMS) issued a statement announcing that it responded to a data breach at Healthcare Management Solutions LLC (HMS). HMS is a subcontractor of ASRC Federal Data Solutions LLC and helps resolve system errors related to Medicare beneficiary entitlement and premium payment records, CMS says.

The exposed information may have included names, addresses, dates of birth, phone numbers, Social Security numbers, Medicare beneficiary identifiers, banking information, including routing and account numbers and Medicare entitlement, enrollment and premium information, the CMS says. No claims data was exposed in the incident.

As a result of the Medicare data breach, the agency notified Medicare beneficiaries whose information may have been put at risk that they will receive an updated Medicare card with a new Medicare Beneficiary Identifier. 

CMS will also offer free-of-charge credit monitoring services through Equifax Complete Premier credit-monitoring service.

Medicare data breach caused by HMS violation, CMS says

Initial information indicates that HMS acted in violation of its obligations to CMS, the agency says.

It says it is not aware of any reports of identity fraud or improper use of information as a direct result of this incident so far.

However, CMS asked that after beneficiaries receive their new cards, they destroy the old ones and inform providers that they have new cards. It also asks that people with concerns contact their financial institution and let them know their banking information may have been compromised.

CMS is not currently facing legal action over the data breach, but Top Class Actions follows recalls closely as they sometimes lead to class action lawsuits.

Dropbox, U.S. Bank, Bed Bath & Beyond, Verizon, Microsoft, Michigan Medicine and Advocate Aurora all recently experienced data breaches.

Are you affected by this data breach? Let us know in the comments. 

Read About More Class Action Lawsuits & Class Action Settlements:

• $26M SolarWinds settlement over data breach disclosure seeks initial OK
• Sequoia data breach compromises sensitive, personal customer information
• LastPass class action claims data breach result of faulty security
• Conway Regional Medical Center data breach $295K class action settlement