More than 330,000 Medicare recipients had their sensitive information compromised after the U.S. Center for Medicare & Medicaid Services had its third-party contractor Maximus Federal Services impacted by the widespread MOVEit file transfer system hack by the Cl0p ransomware operation, reports The Record, a news site by cybersecurity firm Recorded Future.
Maximus had its systems accessed from May 27 to 31, enabling attackers to exfiltrate individuals' names, birthdates, addresses, phone numbers, and Social Security numbers, as well as Medicare Beneficiary Identifiers, medical history, healthcare provider and prescription details, and health insurance claims, among others, according to the CMS, which emphasized that none of its systems have been compromised as a result of the incident.
Such a disclosure comes just a week after Maine confirmed the compromise of more than 1.3 million residents' data due to the MOVEit hack, which Emsisoft threat analyst Brett Callow noted emphasizes the importance of federal "secure by design" efforts.
