On September 6, CMS announced a data breach notification stemming from a security vulnerability in MOVEit, a file transfer application by Progress Software, used by the contractor WPS. This breach potentially affected the sensitive data of around 946,801 Medicare beneficiaries, compromising personal information collected for Medicare claims management and supporting CMS healthcare provider audits. The data may include PII of both Medicare beneficiaries and non-beneficiaries. The breach was detected between May 27 and 31, 2023, with CMS being notified on July 8. Affected individuals are being contacted via mail.
"id": "cen001033025",
"linkid": "centers-for-medicare-&-medicaid-services",
"type": "Vulnerability",
"date": "9/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"