The Centers for Medicare and Medicaid Services is notifying almost 950,000 Medicare beneficiaries that their personally identifiable information was compromised in late May 2023.
In a press release, CMS reported details of the situation. Here’s a Readers Digest summary.
In May 2023, Wisconsin Physicians Service identified a vulnerability in its system for transferring files. WPS applied a patch and didn’t think any personal information had been exposed. However, in July of this year, WPS determined that some of the files contained personal information and notified CMS.
“Some” turned out to be 946,801 current Medicare beneficiaries. Information exposed included name, Social Security number, and Medicare Beneficiary Identifier, more commonly known as the Medicare number.
CMS announced in September that it was sending letters to identified individuals, explaining the situation, the information involved, what CMS and WPS are doing, and what you can do. Last month, CMS started processing the reassignment of numbers.
What You Can Do
If your data have been hacked before, these two steps in the CMS letter will sound familiar.
- Enroll in a complimentary 12 months of credit monitoring at no cost.
- Obtain a free credit report.
Then, these actions are important in this situation.
- Verify that Medicare has your current address.
CMS is mailing new cards to the addresses on file. You can check your address in your Medicare.gov account. Log in, click on your first name in the header bar, and the account settings. If the address is not correct, update it through your my Social Security account, by calling Social Security at (800) 772-1213, or visiting your local office. (Find it at https://secure.ssa.gov/ICON/main.jsp.)
- Watch your mailbox for a new Medicare Card.
Usually, the card comes in a plain white envelope from Department of Health and Human Services. Given CMS just started the process of assigning new numbers in October, it may be awhile until it arrives.
- Verify that the information on the card is accurate.
Specifically, check the spelling of your name and the effective dates for Part A and Part B.
- Show the new card to your healthcare providers as soon as possible.
CMS has said those involved can continue to use their current card until a new one arrives. But know that using the old card could lead to denial of claims and plan applications. Note that this step applies to those who have Original Medicare, with or without a Medicare supplement. Those who elected Medicare Advantage should put the card in a safe place.
- Review your Medicare Summary Notices.
Confirm that dates of service and other information match your records.
- Report any problems or unusual claims to Medicare ((800) 633-4227) or the Senior Medicare Patrol (SMP)((877) 808-2468).
- If you are a caregiver or responsible person for a Medicare beneficiary, pay attention to these points on their behalf.
This can be overwhelming for anyone but especially those who are dealing with health and other issues.
This breach wasn’t the first of healthcare data. The Identity Theft Resource Center reported that healthcare led all industries in the number of reported compromises in each of the past five years. And, unfortunately, healthcare data breaches continue. The HIPAA Journal revealed that, in the first nine months of this year, the protected health information of 63,738,063 individuals was exposed.
You’ve heard it before, protect your Medicare number.
- Don’t ever let anyone borrow or pay you to use your Medicare number.
- Don’t share your number with anyone who contacts you by telephone, email or in person, unless you’ve given them permission in advance.
- Know that Medicare will never call you, asking for your Medicare number.
Be vigilant. There are countless predators and scammers out there trying to profit from your personal information. It’ s ugly. It’s hard to accept. It’s the digital age. It’s difficult to imagine, but that information is all about you. Guard it, protect yourself.