Have you received an email from the Center for Medicare & Medicaid Services (CMS) about the Maximus data breach? Is it a scam? Don’t panic — read on for the full story as well as security steps to take.  

Maximus Data Breach: What Happened? 

Maximus Federal Service (Maximus) is one of the US government contractors that support and manage the Medicare program. It has been confirmed that in May 2023, Maximus was affected by the MOVEit (a file transfer application) vulnerability that compromised vast swathes of data, allowing access to unauthorized parties. As stated when we reported on the Oregon DMV data breach last month, the MOVEit vulnerability has affected everyone from Umpqua Bank to the BBC to the US Department of Energy.  

What Was Compromised? 

CMS estimates that the breach affected the personally identifiable information (PII) and protected health information (PHI) of approximately 612,000 current medicare beneficiaries. Beyond that, Maximus have stated that they believe up to 11,000,000 individuals may also be affected. 

CMS is notifying Medicare beneficiaries who might have fallen victim to the data breach and had their PII exposed. According to their announcement, leaked data includes: 

• Name 
• Social Security Number or Individual Taxpayer Identification Number 
• Date of Birth 
• Mailing Address 
• Telephone Number, Fax Number, & Email Address 
• Medicare Beneficiary Identifier (MBI) or Health Insurance Claim Number (HICN) 
• Driver’s License Number and State Identification Number 
• Medical History/Notes (including medical record/account numbers, conditions, diagnoses, dates of service, images, treatments, etc.) 
• Healthcare Provider and Prescription Information 
• Health Insurance Claims and Policy/Subscriber Information 
• Health Benefits & Enrollment Information 

Steps to Take If You’re Affected in a Data Breach 

CMS have stated that you can continue to use your existing Medicare card; if you need a new one, they will mail it to you directly. In addition, be sure to follow these best practices to stay ahead of identity thieves:  

• Free credit report: Keep track of your credit history and credit score. For a guide on how to do this, head over here!  
• Stay on top of bills: Know what you owe and when it’s due. If you stop receiving a bill, or if you start to receive new ones, and it wasn’t you that made this change, this could be a red flag that someone is using your PII and has changed your billing address. 
• Bank statements: Regularly review your bank account statements. If you see a transaction that you don’t recognize, it could be a sign that your identity has been stolen.  

Further top tips:  

• Check your health insurance records and tax return information.
• Make sure you always have access to sensitive online accounts. 
• Watch out for spam emails, texts, and mail .
• Check for physical mail and stolen trash.
• Always know where your ID, credit cards, and other sensitive documents are kept.
• Check your “mySocial Security” account for signs of fraud.

Protecting Your Identity and Personal Info  

Compromised personal data can have serious consequences, including identity theft, financial fraud, and job losses. We would encourage readers to head over to our new FREE ID Protection platform, which has been designed to meet these challenges.   

With ID Protection, you can:  

• Check to see if your data (email, number, password, credit card) has been exposed in a leak, or is up for grabs on the dark web;  
• Secure your social media accounts with our Social Media Account Monitoring tool, with which you’ll receive a personalized report;  
• Receive the strongest tough-to-hack password suggestions from our advanced AI (they’ll be safely stored in your Vault);  
• Enjoy a safer browsing experience, as Trend Micro checks websites and prevents trackers.  

All this for free — why not give it a go today? If this article has been an interesting and/or useful read, please do SHARE it with family and friends to help keep the online community secure and informed — and consider leaving a like or comment below.