The notification from CMS revealed that due to a security vulnerability in the MOVEit software, unauthorized third parties gained access to the personal information (PII) of 946,801 Medicare beneficiaries. The breach occurred between May 27 and May 31, 2023, and impacted data related to Medicare claims management and CMS audits. The breach was reported to CMS on July 8, and affected individuals are being notified of the potential compromise of their PII.
TPRM report: https://scoringcyber.rankiteo.com/company/wps-health-insurance
"id": "wps001040125",
"linkid": "wps-health-insurance",
"type": "Vulnerability",
"date": "9/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '946,801 Medicare beneficiaries',
'industry': 'Healthcare',
'location': 'United States',
'name': 'Centers for Medicare & Medicaid Services '
'(CMS)',
'type': 'Government Agency'}],
'attack_vector': 'Software Vulnerability',
'data_breach': {'number_of_records_exposed': '946,801',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'PII'},
'date_detected': '2023-07-08',
'description': 'Unauthorized third parties gained access to the personal '
'information (PII) of 946,801 Medicare beneficiaries due to a '
'security vulnerability in the MOVEit software.',
'impact': {'data_compromised': 'PII of Medicare beneficiaries'},
'references': [{'source': 'CMS Notification'}],
'response': {'communication_strategy': 'Notifying affected individuals'},
'threat_actor': 'Unauthorized third parties',
'title': 'CMS Medicare Beneficiaries Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'MOVEit software vulnerability'}