Medicare Subcontractor Hacked

[Lee B]

"A far-reaching data breach by a government contractor has put Social Security numbers, birth dates, driver’s license numbers, health insurance claims, medical history notes, prescription information and other personally identifiable information of 612,000 Medicare beneficiaries at risk. The Centers for Medicare & Medicaid Services (CMS), the federal agency that manages Medicare, as well as the contractor in question, Maximus Federal Services, have begun sending apology letters to individuals whose data may have been impacted by the May 2023 security breach.

In an 8-K filing with the Securities and Exchange Commission on July 26, Maximus estimated the cost of the investigation and “remediation activities” thus far has been approximately $15 million, though the investigation is ongoing. Moreover, Maximus says files impacted by the cybersecurity hack contain Social Security numbers and protected health information “of at least 8 to 11 million people” whom the company anticipates having to notify.

 

According to the Centers for Medicare & Medicaid Services, Information at risk includes:

Name

Social Security Number or Individual Taxpayer Identification Number

Date of Birth

Mailing Address

Telephone Number, Fax Number and Email Address

Medicare Beneficiary Identifier (MBI) or Health Insurance Claim Number (HICN)

Driver’s License Number and State Identification Number

Medical History/Notes (including medical record/account numbers, conditions, diagnoses, dates of service, images, treatments, etc.)

Health Care Provider and Prescription Information

Health Insurance Claims and Policy/Subscriber Information

Health Benefits and Enrollment Information"

This is another one of the MoveIt related hacks. 

It's taken almost two months for the hack to be publicly acknowledged and they still have 8 to 11 million people still to notify!

 

 

[Lee B]

"Hackers breached the computer system of a technology contractor to the Oregon Health Plan and other healthcare operations and gained access to the personal information of as many as 1.7 million clients.

PH Tech disclosed Tuesday that a “coordinated attack” by hackers led to the breach. The company suspected there had been a breach in June. The firm said it suspects the hack took place on May 30.

Information exposed is believed to include some personal information, including names, dates of birth, social security numbers, mailing addresses and email addresses, as well as health records that could include diagnoses, procedures, claims and member and plan ID numbers."

Again, here it is two months later before the hack is acknowledged. Many of these hacked firms view this as a public relations issue. "Lets delay announcing bad news!" 

It's becoming very clear that most CEOs and Board Members don't value IT Security because it doesn't create any profits!