Medicare Data Breach May Have Compromised Personal Information of 100,000 Americans
The Centers for Medicare & Medicaid Services (CMS) announced on June 30, 2025, that a recent data incident has potentially compromised the personal information of approximately 103,000 Medicare recipients. This breach, described as unauthorized access linked to Medicare.gov accounts, has led CMS to take immediate steps to protect beneficiaries, including issuing new Medicare identification numbers and cards to those affected.
Details of the Breach
According to CMS, the data incident involved the creation of unauthorized Medicare.gov accounts by unspecified malicious actors between 2023 and 2025. The suspicious activities were first identified on May 2, 2025, when the Medicare call center began receiving inquiries from beneficiaries who reported receiving letters about accounts they had not established.
The compromised information is believed to include sensitive personal details such as mailing addresses, last names, dates of birth, zip codes, plan premium information, and specifics regarding medical services received, including dates of treatment, diagnosis codes, and the identity of medical providers.
In response, CMS has deactivated the fraudulent accounts and disabled the ability to create new accounts from foreign Internet Protocol (IP) addresses as a security measure.
Actions Taken and What Beneficiaries Should Expect
CMS is proactively reaching out to those potentially impacted by mailing letters that explain the incident. Along with this notification, affected beneficiaries will receive a new Medicare ID number and card to help safeguard their identities.
While CMS has stated that it is not currently aware of any identity theft resulting from the breach, the agency urges all Medicare recipients to remain vigilant and monitor their accounts for any irregularities.
Guidance for Medicare Recipients
To help protect themselves, Medicare users are advised to take several precautionary steps:
-
Regularly review Medicare Summary Notices and Explanation of Benefits for any charges or services they do not recognize.
-
Report suspicious activity or potential fraud by contacting 1-800-MEDICARE (1-800-633-4227) or the Office of Inspector General via their website at oig.hhs.gov/fraud/report-fraud/.
-
Obtain free annual credit reports through www.annualcreditreport.com or by calling 1-877-322-8228 to detect and prevent identity theft.
-
If identity theft is suspected, file reports with local law enforcement and/or the Federal Trade Commission at www.ftc.gov/idtheft or by calling 1-877-IDTHEFT (1-877-438-4338).
-
Contact the Medicare helpline at 1-800-MEDICARE for further assistance and concerns.
A Call for Caution Amid Open Enrollment
This breach underscores the importance of vigilance during Medicare’s open enrollment period, a time when scammers often target beneficiaries with fraudulent calls and schemes. CMS reiterates the need for caution when receiving unsolicited contacts claiming to be from Medicare.
Conclusion
The recent Medicare data breach affecting over 100,000 recipients serves as a sobering reminder of the ongoing threats to personal information security. Through prompt action and thorough guidance, CMS aims to safeguard beneficiaries and minimize the impact of this incident. Medicare users are encouraged to follow the recommended precautions and maintain careful oversight of their accounts to protect their information and benefits.
For more information or to report suspected fraud, Medicare recipients should contact 1-800-MEDICARE or visit the official Medicare website.