Vulnerability cyber

Centers for Medicare & Medicaid Services (CMS)

Sep 15, 2024 1 min read
Centers for Medicare & Medicaid Services (CMS)

CMS, in collaboration with its contractor WPS, is addressing a breach where private health information may have been exposed due to a vulnerability in MOVEit software used for Medicare administrative tasks. The incident exposed personal data of Medicare beneficiaries and additional PII for CMS audits. The breach, discovered between May 27 and May 31, 2023, affected approximately 946,801 individuals, leading to notifications being sent to those impacted.

Source: https://www.hcinnovationgroup.com/cybersecurity/data-breaches/news/55138546/cms-notifies-people-potentially-impacted-by-data-breach

TPRM report: https://scoringcyber.rankiteo.com/company/centers-for-medicare-&-medicaid-services

"id": "cen000091524",
"linkid": "centers-for-medicare-&-medicaid-services",
"type": "Vulnerability",
"date": "9/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 946801,
                        'industry': 'Healthcare',
                        'name': 'CMS (Centers for Medicare & Medicaid '
                                'Services)',
                        'type': 'Government Agency'},
                       {'industry': 'Healthcare',
                        'name': 'WPS',
                        'type': 'Contractor'}],
 'attack_vector': 'Exploitation of a software vulnerability',
 'customer_advisories': 'Notifications sent to impacted individuals',
 'data_breach': {'number_of_records_exposed': 946801,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal data of Medicare '
                                              'beneficiaries',
                                              'PII for CMS audits']},
 'date_detected': '2023-05-27 to 2023-05-31',
 'description': 'CMS, in collaboration with its contractor WPS, is addressing '
                'a breach where private health information may have been '
                'exposed due to a vulnerability in MOVEit software used for '
                'Medicare administrative tasks. The incident exposed personal '
                'data of Medicare beneficiaries and additional PII for CMS '
                'audits. The breach, discovered between May 27 and May 31, '
                '2023, affected approximately 946,801 individuals, leading to '
                'notifications being sent to those impacted.',
 'impact': {'data_compromised': ['Personal data of Medicare beneficiaries',
                                 'PII for CMS audits'],
            'systems_affected': 'MOVEit software'},
 'post_incident_analysis': {'root_causes': 'Vulnerability in MOVEit software'},
 'response': {'communication_strategy': 'Notifications sent to impacted '
                                        'individuals'},
 'title': 'CMS and WPS Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'MOVEit software vulnerability'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.