Nearly a quarter million Medicare beneficiaries require new identifiers and ID cards following a ransomware attack on a government contractor that compromised a range of sensitive personal and health information.
The Centers for Medicare and Medicaid Services in a statement Wednesday said it is notifying 245,000 Medicare beneficiaries affected by a data breach experienced by a subcontractor to a company hired to resolve system errors related to beneficiary entitlement and premium payment records. Approximately 64 million Americans benefit from Medicare.
The subcontractor is Healthcare Management Solutions and the main contractor is ASRC Federal Data Solutions. CMS wrote in its breach notification letter without elaboration that an initial investigation points to the subcontractor having “acted in violation of its obligations.”
The incident may have exposed sensitive data including names; birthdates; phone numbers; Medicare identifiers; banking information, such as routing and account numbers; Medicare enrollment, entitlement and premium information; and Social Security numbers.
Ransomware hackers did not compromise federal systems or obtain Medicare claims data, CMS says. The attack occurred on Oct. 8 on HMS’ corporate network.