CMS Alerts 100,000 Medicare Users About Data Breach, New Medicare Numbers Issued

Over 100,000 Americans are impacted by a data breach, as the CMS has confirmed unauthorized activity on Medicare.gov accounts. Beneficiaries will receive new Medicare numbers and cards as the agency works to mitigate the damage. CMS is actively investigating the breach while reassuring recipients that their security is a priority.

Published on
Read : 2 min
US CMS breach
US CMS breach. credit : shutterstock | en.Econostrum.info - United States

The Centers for Medicare & Medicaid Services (CMS) has alerted more than 100,000 Medicare recipients about a data incident that may have compromised their personal information. Affected individuals will be receiving new Medicare numbers to ensure their security.

This announcement comes after CMS identified unauthorized activity linked to Medicare.gov accounts, with suspicious accounts created using the beneficiaries’ personal data. The agency stated that it had acted swiftly to deactivate these accounts and is continuing to investigate the breach’s scope and impact.

Unauthorised Creation of Accounts

On May 2, 2025, CMS became aware of suspicious activity when its call centre began receiving calls from beneficiaries who had received letters about Medicare.gov accounts they did not initiate. 

Following an investigation, it was confirmed that “malicious actors” had fraudulently created accounts between 2023 and 2025 using legitimate beneficiary data, including Medicare Beneficiary Identifiers (MBIs), dates of birth, and addresses, among other personal details.

The CMS has taken steps to address the issue, deactivating the compromised accounts and blocking new account creations from foreign IP addresses. 

While the agency has not found any evidence of identity theft or misuse of the compromised information, it is offering guidance to affected beneficiaries on how to protect their data. Those impacted will soon receive new Medicare cards, each with a unique Medicare number.

According to CMS, the breach also involved access to some sensitive information, such as service details, plan premiums, and medical diagnoses. While the full impact remains under investigation, the agency has assured recipients that steps are being taken to minimise any further risks to their personal data.

Steps to Protect Personal Information

In response to the breach, CMS has advised beneficiaries to closely monitor their Medicare accounts for any suspicious activity. Beneficiaries should review their Medicare Summary Notices (MSNs) and Explanation of Benefits (EOBs) for any unfamiliar charges or services. 

If any discrepancies are noticed, recipients are encouraged to report the findings to 1-800-MEDICARE or the Office of Inspector General.

Additionally, CMS recommends that beneficiaries obtain free annual credit reports through www.annualcreditreport.com, and if they suspect identity theft, they should file a report with the Federal Trade Commission or their local law enforcement. 

These preventive steps are designed to help ensure that the affected individuals can mitigate the risks of any potential misuse of their data.

The CMS’s continued investigation into the incident is essential in understanding its full scope. For now, the affected beneficiaries are being reassured that their security is a priority, and efforts are being made to safeguard their personal information.

Leave a Comment

Share to...