CMS and WPS are notifying individuals of a security incident that resulted from a vulnerability in MOVEit software, leading to potential unauthorized access to personal information. This incident has potentially compromised PII of Medicare beneficiaries, impacting Medicare claims management and healthcare provider CMS audits. Approximately 946,801 people with Medicare are being affected with notifications being dispatched.
TPRM report: https://scoringcyber.rankiteo.com/company/centers-for-medicare-&-medicaid-services
"id": "cen001040525",
"linkid": "centers-for-medicare-&-medicaid-services",
"type": "Vulnerability",
"date": "9/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 946801,
'industry': 'Healthcare',
'name': 'CMS and WPS',
'type': 'Government Agency'}],
'attack_vector': 'Software Vulnerability',
'customer_advisories': 'Notifications being dispatched to affected '
'individuals',
'data_breach': {'number_of_records_exposed': 946801,
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal Information'},
'description': 'A security incident resulting from a vulnerability in MOVEit '
'software led to potential unauthorized access to personal '
'information of Medicare beneficiaries.',
'impact': {'data_compromised': 'Personal Information, Medicare claims data',
'operational_impact': 'Impact on Medicare claims management and '
'healthcare provider CMS audits',
'systems_affected': 'MOVEit software'},
'motivation': 'Unauthorized access to personal information',
'post_incident_analysis': {'root_causes': 'Vulnerability in MOVEit software'},
'response': {'communication_strategy': 'Notifications being dispatched to '
'affected individuals'},
'title': 'CMS and WPS Data Breach via MOVEit Software Vulnerability',
'type': 'Data Breach',
'vulnerability_exploited': 'MOVEit software vulnerability'}