"CMS Subcontractor Breach Potentially Exposes Sensitive Data of 254,000 Customers"

According to the Centers for Medicare and Medicaid Services (CMS), personal data, including bank routing and account information for 254,000 people, may have been compromised during a ransomware attack on an agency subcontractor. CMS stated that the subcontractor, Healthcare Management Solutions (HMS), is operating under a contract with ASRC Federal Data Solutions LLC to resolve system errors related to Medicare beneficiary entitlement and premium payment records. HMS also supports the collection of Medicare premiums from the direct-paying beneficiary population. The incident occurred on October 8, per a sample letter from CMS to affected recipients. CMS stated that it was informed that the subcontractor's systems were involved in a cybersecurity incident, but CMS systems were not affected. According to the letter, CMS assessed with "high confidence" that the event may have involved sensitive data. Initial evidence suggests that HMS violated its commitments to CMS, and CMS continues to examine the event. In addition to banking information, the attack may have compromised the names, addresses, dates of birth, Social Security numbers, Medicare Beneficiary Identifiers (MBIs), as well as Medicare entitlement, enrollment, and premium information of beneficiaries. This article continues to discuss the CMS subcontractor breach that has exposed sensitive data of 254,000 individuals. 

NextGov reports "CMS Subcontractor Breach Potentially Exposes Sensitive Data of 254,000 Customers"