Javascript is not enabled.

Javascript must be enabled to use this site. Please enable Javascript in your browser and try again.

Skip to content

Family caregivers: Learn how to best use your family doctor’s expertise during a free AARP webinar.

Content starts here
CLOSE ×
Search
Popular Searches

Games

Car rental

AARP daily Crossword Puzzle

Hotels with AARP discounts

Life Insurance

AARP Dental Insurance Plans

Travel

Suggested Links
Help Show me my account info Change my Address How do I contact AARP? Where is my membership card? How do I get a digital card?
Red Membership Card

AARP MEMBERSHIP

AARP Membership — $12 for your first year when you sign up for Automatic Renewal

Get instant access to members-only products, hundreds of discounts, a free second membership, and a subscription to AARP the Magazine. 

 

120x30-AARP-logo-red
Join
Renew
Enroll
Rejoin

AARP en Español

Join
Renew
Enroll
Rejoin
Leaving AARP.org Website

You are now leaving AARP.org and going to a website that is not operated by AARP. A different privacy policy and terms of service will apply.

Continue Cancel

Nearly 1 Million More Medicare Beneficiaries May Be Affected in Year-Old Data Breach

How to protect yourself if Medicare says your personal information has been exposed

By

Kimberly Lankford,

 
AARP
Comments
Published September 09, 2024
Security breach. Corporate data leakage. Hacker attack.
Getty Images

In this story

New names, old breachReview catches problemsProtect your information

The Centers for Medicare & Medicaid Services (CMS) is notifying almost a million beneficiaries whose personal information may have been compromised in a contractor’s data breach last year.

The contractor, Madison-based Wisconsin Physicians Service Insurance Corp., processes Medicare claims for CMS in six states: Illinois, Iowa, Kansas, Michigan, Missouri and Nebraska. But beneficiaries elsewhere could be affected if they used providers in those states. The notification to 946,801 Medicare beneficiaries comes more than a year after a security vulnerability was discovered in file-transfer software called MOVEit.

Wisconsin Physicians Service collects information such as Medicare and Social Security numbers to manage Medicare claims and audit health care providers. The Medicare beneficiaries’ personally identifiable information was exposed between May 27 and May 31, 2023, but the company patched its MOVEit software and initially thought none of its records had been part of the data breach.

New review unearthed previous copying of records

In May of this year, Wisconsin Physicians Service again reviewed its MOVEit file transfer system with help from a cybersecurity firm, discovering that files had been copied before the patch was put in place. Portions of the files had no personal information, but other parts evaluated July 8 were determined to include information valuable to hackers:

  • Name
  • Address
  • Birth date
  • Gender
  • Hospital account number
  • Medicare or health insurance claim number
  • Social Security number or taxpayer identification number

In August 2023, CMS said the MOVEit data breach had affected 612,000 Medicare beneficiaries. Other commercial and government customers worldwide also use the file transfer application.

“The Centers for Medicare & Medicaid Services have issued … multiple notices in July 2023 related to third-party administrators who were users of the MOVEit transfer software,” says James E. Lee, chief victims officer for the San Diego-based Identity Theft Resource Center. “This is the first breach notice related to Wisconsin Physicians Service Insurance Corp., and it too is linked to the MOVEit breach from last year.”

CMS and Wisconsin Physicians Service say they are not aware of reports of identity fraud or improper use of the personal information as a direct result of the breach but are mailing notifications to the Medicare beneficiaries telling them of steps they can take to protect their financial health.

How to protect your personal information

You can take steps to help monitor your Medicare and credit record and further protect your privacy:

1. Enroll in free credit monitoring. Wisconsin Physicians Service is offering 12 months of free credit monitoring and other services from Experian to people affected. The notice includes steps for enrolling; you do not need to provide your credit card number to sign up.

2. Order a free credit report. Under federal law, you can order one free credit report every 12 months from each of the three major credit agencies — Equifax, Experian and TransUnion — or by calling 877-322-8228. But you can check those reports every week online. Review the reports for suspicious activity and check them periodically.

Report incorrect information to the credit reporting company. If you believe your information is being misused, contact local law enforcement and file a complaint to the Federal Trade Commission.

3. Consider freezing your credit. “Credit monitoring is helpful, but it only tells you what has happened,” Lee says. “It does not stop new credit accounts from being opened in your name.” By freezing your credit, you limit access to your credit history and make it more difficult for identity thieves to open new accounts in your name.

4. Use your current Medicare card for now. If your Medicare number was affected, CMS will mail a new Medicare card to you with a new number in the next few weeks. In the meantime, you can use your current card. When the new card arrives, destroy your old card and let your doctors and other providers know about the new card number.

5. Review your Medicare claims notices. “In health care breaches, it’s important that victims review their benefit statements to determine if anyone has accessed medical services under their name,” Lee says. You receive a Medicare Summary Notice every three months reporting the Medicare claims made in your name.

You can review Medicare claims more quickly using your online Medicare account. Contact the doctor’s office about any problems and report claims you didn’t make to Medicare at 800-633-4227. You can also contact the Senior Medicare Patrol, which receives grants from the federal government and has branches in each state to help detect and report Medicare fraud. Find contact information for your state on the SMP resource center website or by calling 877-808-2468.

Kimberly Lankford is a contributing writer who covers Medicare and personal finance. She wrote about insurance, Medicare, retirement and taxes for more than 20 years at Kiplinger’s Personal Finance and has written for The Washington Post and Boston Globe. She received the personal finance Best in Business award from the Society of American Business Editors and Writers and the New York State Society of CPAs’ excellence in financial journalism award for her guide to Medicare.

Unlock Access to AARP Members Edition

Join AARP to Continue

Already a Member?

Benefits Recommended For You

See All