In a troubling revelation, sensitive information belonging to nearly one million Medicare users in Wisconsin has been exposed following a cyberattack targeting the widely-used MOVEit file transfer service. The Centers for Medicare & Medicaid Services (CMS) and Wisconsin Physicians Service Insurance Corporation (WPS) announced that personal data was compromised, impacting 946,801 residents.
The breach occurred after hackers exploited a vulnerability in MOVEit, which WPS uses to manage Medicare claims and communicate with CMS. Compromised data includes names, Social Security numbers, birthdates, addresses, Medicare account numbers, and various health insurance details. CMS has started notifying affected individuals and will soon issue new Medicare cards to those impacted, advising recipients to destroy their old cards and update their providers with the new information.
Initially, when the attacks were reported in May 2023, WPS quickly applied the necessary patch and found no signs of their systems being breached. However, in May 2024, based on new intelligence, WPS conducted a deeper investigation with an external cybersecurity firm. The findings revealed that hackers had accessed and copied files before WPS patched the vulnerability. The stolen data was collected between May 27 and May 31, 2023, while WPS was processing Medicare claims and auditing healthcare providers.
As of July 2024, WPS confirmed that CMS had been notified of the breach. In addition to the direct mail notices, CMS is also posting information on its website for individuals whose current contact information might be unavailable, potentially indicating that more people could be affected than initially reported. CMS has not disclosed whether this group extends beyond the nearly one million listed.
Victims of the breach are being encouraged to take advantage of one year of free credit monitoring and remain vigilant for suspicious activities on their accounts. CMS has stressed that it is continuing to investigate the breach in coordination with law enforcement.
The MOVEit campaign, believed to be one of the largest cyberattacks in recent history, has caused significant disruption worldwide. Cybersecurity firm Emsisoft estimates that 2,773 organizations fell victim to the attack, with the personal data of nearly 96 million individuals exposed. Hackers tied to the Clop ransomware gang, believed to be behind the attack, have reportedly profited anywhere from $75 to $100 million from ransom payments during the campaign.
This breach has sent shockwaves through the global community, with government agencies and major corporations confirming massive data theft. Despite the scale of the attack, the Securities and Exchange Commission (SEC) recently decided not to pursue enforcement action against MOVEit’s developer, Progress Software. However, the company still faces a barrage of class-action lawsuits and investigations from federal, state, and international authorities.
This is not the first time CMS has faced challenges from the MOVEit breach. Back in November 2023, CMS disclosed that approximately 330,000 Medicare recipients were also impacted when Clop hackers infiltrated MOVEit through a contractor’s systems.
With the cyber threat landscape ever-evolving, this breach serves as a sobering reminder of the vulnerability of critical systems and the far-reaching consequences for individuals when such attacks occur.
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
WOW! Incredible!