In June, two major breaches compromised over 13 million patient records. Now, a newly confirmed Medicare data breach has affected more than 100,000 Americans. Hackers accessed sensitive data linked to Medicare.gov accounts, including full names, dates of birth, ZIP codes, Medicare Beneficiary Identifiers (MBIs), Medicare coverage details, home addresses, provider and diagnosis codes, services received, and plan premium details. CMS has deactivated all affected accounts and is mailing new Medicare cards to the estimated 103,000 individuals affected. No confirmed identity theft cases have been reported yet.
Source: https://www.foxnews.com/tech/medicare-data-breach-exposes-100000-americans-info
TPRM report: https://scoringcyber.rankiteo.com/company/centers-for-medicare-&-medicaid-services
"id": "cen821071225",
"linkid": "centers-for-medicare-&-medicaid-services",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "",
"explanation": "Attack with significant impact with customers data leaks: Attack which causes leak of personal information of customers ( only if no ransomware )"{'affected_entities': [{'customers_affected': '103,000',
'industry': 'Healthcare',
'location': 'United States',
'name': 'Centers for Medicare & Medicaid Services '
'(CMS)',
'type': 'Government Agency'}],
'attack_vector': ['Account Creation using Stolen Personal Data'],
'customer_advisories': ['Monitor your Medicare.gov account for suspicious '
'activity',
'Report unauthorized services or charges immediately'],
'data_breach': {'number_of_records_exposed': '103,000',
'personally_identifiable_information': ['Full names',
'Dates of birth',
'ZIP codes',
'Medicare Beneficiary '
'Identifiers (MBIs)',
'Medicare coverage '
'details',
'Home addresses',
'Provider and '
'diagnosis codes',
'Services received',
'Plan premium '
'details'],
'sensitivity_of_data': ['High'],
'type_of_data_compromised': ['Personal Information',
'Medical Information']},
'date_detected': 'May 2025',
'description': 'A newly confirmed Medicare data breach has affected more than '
'100,000 Americans. Hackers accessed sensitive data linked to '
'Medicare.gov accounts.',
'impact': {'data_compromised': ['Full names',
'Dates of birth',
'ZIP codes',
'Medicare Beneficiary Identifiers (MBIs)',
'Medicare coverage details',
'Home addresses',
'Provider and diagnosis codes',
'Services received',
'Plan premium details'],
'identity_theft_risk': ['High'],
'systems_affected': ['Medicare.gov Accounts']},
'initial_access_broker': {'entry_point': ['Medicare.gov Accounts'],
'reconnaissance_period': ['Late 2023']},
'investigation_status': 'Ongoing',
'motivation': ['Data Theft'],
'post_incident_analysis': {'root_causes': ['Stolen Personal Data from '
'External Sources']},
'recommendations': ['Watch for unusual account activity',
'Use an identity theft protection service',
'Secure your Medicare information',
'Remove personal data',
'Report fraud to Medicare and the FTC'],
'references': [{'source': 'Fox News'}],
'response': {'communication_strategy': ['Letters to Affected Individuals'],
'containment_measures': ['Account Deactivation',
'Issuing New Medicare Cards']},
'title': 'Medicare Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': ['Stolen Personal Data from External Sources']}