Medicare Patients’ Health Records Breached in MOVEit Hack
(Bloomberg) -- More than 600,000 people in the US Medicare program may have had personal data including medical records exposed through a data breach.
Most Read from Bloomberg
Bond Rout Saps Risk Appetite Before Jobs Report: Markets Wrap
Fitch’s US Credit Downgrade Sparks Criticism Along With Unease
The Strange Story Behind ‘Baldur’s Gate 3,’ One of the Year’s Biggest Releases
NYC Considers Central Park Among Sites to House Migrants as Crisis Mounts
The data was on systems belonging to Maximus Federal Services, a unit of Maximus Inc., that used file transfer software MOVEit, Medicare announced in a statement. A vulnerability in the MOVEit software exploited by hackers has been tied to a widening circle of data breaches at companies and public agencies.
Medicare patients may have had some of their most intimate health information exposed, including medical histories and visit notes, diagnoses, images and treatments, along with names, dates of birth, contact information and insurance data, the agency said.
Maximus alerted the Centers for Medicare and Medicaid Services to the breach on June 2, three days after it detected unusual activity on the MOVEit program, according to the agency. CMS systems were not directly affected, the agency said.
Maximus said in a statement that it’s investigating the breach and that other parts of its corporate network were unaffected.
Read More: US Health Department Ensnared by MOVEit Hacking Campaign
The agency and the company are contacting the 612,000 people affected and intend to offer free credit monitoring services and instructions on how they can replace compromised Medicare cards.
The Medicare program covers about 65 million Americans.
Maximus, based in McLean, Virginia, is a large government contractor that gets almost half its revenue from US federal agencies, according to a company filing. The company brought in nearly $2.5 billion in unclassified contract awards from CMS since 2019, according to Bloomberg Government data. A little over $2 billion of that was made up of three call center contracts — the latest set to expire in 2031.
--With assistance from William Turton and Caleb Harshberger.
(Updates with additional details on Maximus’ contracting business in final paragraph)
Most Read from Bloomberg Businessweek
Influencers Built Up This Wellness Startup—Until They Started Getting Sick
AI in Hollywood Has Gone From Contract Sticking Point to Existential Crisis
Amazon Unveils Biggest Grocery Overhaul Since Buying Whole Foods
With AI Booming, Gary Gensler Wants to Keep Finance Safe for Humans
Honoring the Enslaved Man Who Made Jack Daniel’s First Whiskey
©2023 Bloomberg L.P.