Medicare Compliance & Reimbursement

Industry Note:

Even Medicare Contractors Are at Risk of a Data Breach

Healthcare providers aren’t the only ones menaced by HIPAA breaches and their fallout.

Medicare contractor Healthcare Management Solutions, a subcontractor of ASRC Federal Data Solutions, was hit by a ransomware attack on Oct. 8, the Centers for Medicare & Medicaid Services says in a release. “The incident involving HMS has the potential to impact up to 254,000 Medicare beneficiaries’ personally identifiable information out of the over 64 million beneficiaries that CMS serves,” CMS notes.

The affected beneficiaries “will receive an updated Medicare card with a new Medicare Beneficiary Identifier, be offered free-of-charge credit monitoring services, and will [receive] additional information about the incident,” according to CMS.

“The safeguarding and security of beneficiary information is of the utmost importance to this Agency,” CMS Administrator Chiquita Brooks-LaSure says in the release. “We continue to assess the impact of the breach involving the subcontractor, facilitate support to individuals potentially affected by the incident, and will take all necessary actions needed to safeguard the information entrusted to CMS.”

In a letter to the affected benes, CMS says “At this time, we’re not aware of any reports of identity fraud or improper use of your information as a direct result of this incident. However, out of an abundance of caution we are issuing you a new Medicare card with a new number. CMS will mail the new card to your address in the coming weeks. In the meantime, you can continue to use your existing Medicare card.”

No CMS systems were breached, and no Medicare claims data were involved, CMS maintains.