CMS Notifies People Potentially Impacted by Data Breach

Sept. 9, 2024

WPS notified CMS that files containing protected health information were compromised in a cybersecurity incident involving MOVEit

Pietje Kobus

CMS Notifies People Potentially Impacted by Data Breach

In a press release dated September 6, the Centers for Medicare & Medicaid Services (CMS) announced that together with the CMS contractor Wisconsin Physicians Service Insurance Corporation (WPS), it is notifying individuals whose protected health information may have been compromised in connection with Medicare administrative services provided by WPS.

“The notification comes following discovery of a security vulnerability in the MOVEit software, a third-party application developed by Progress Software and used by WPS for the transfer of files in providing services to CMS,” the press release stated. “The security incident may have impacted personally identifiable information (PII) of Medicare beneficiaries that was collected in managing Medicare claims as well as PII collected to support CMS audits of healthcare providers that some individuals who are not Medicare beneficiaries have visited to receive healthcare services.”

CMS stated that a vulnerability in the MOVEit software allowed unauthorized third parties to access personal information transferred using MOVEit between May 27 and 31, 2023. WPS notified CMS of the breach on July 8. Notifications to 946,801 people with Medicare are being mailed out.