A massive data breach at the Centers for Medicare & Medicaid Services (CMS) has exposed the personal information of over 100,000 Americans.
What Happened?
Hackers created fake Medicare.gov accounts using information likely obtained from outside sources. This information included names, birth dates, Medicare numbers, and addresses. Once inside the accounts, they accessed even more sensitive data like provider details, mailing addresses, medical diagnoses, and treatment information.
The breach was discovered after CMS received numerous complaints from Medicare beneficiaries who received letters about accounts they didn’t create. The agency launched an investigation and deactivated the fraudulent accounts. The compromised accounts were created between 2023 and 2025.
What Information Was Exposed?
The stolen data included:
- Names
- Dates of birth
- Medicare Beneficiary Identifiers
- Coverage start dates
- ZIP codes
- Mailing addresses
- Provider details
- Dates of service
- Diagnosis codes
- Services received
- Plan premiums
What Should You Do?
CMS recommends that affected individuals obtain a free credit report from each of the three major credit bureaus. While no cases of identity theft have been reported yet, it’s a good preventative measure.
CMS Response
CMS is investigating the breach and working to prevent future incidents. They are encouraging those affected to monitor their accounts and credit reports closely.