Medicare & Medicaid Service Faces Data Breach Impacting Over 100,000 Beneficiaries
July 2, 2025 — News 9
In a recent cybersecurity incident, the Centers for Medicare & Medicaid Services (CMS) has disclosed a data breach involving the unauthorized creation of Medicare.gov online accounts. Approximately 103,000 Medicare beneficiaries nationwide may have been affected by this breach, which originated from unknown external sources obtaining personal information.
Incident Overview
CMS identified suspicious activities tied to fraudulent accounts created on Medicare.gov using individuals’ personal data. The compromised information includes Medicare Beneficiary Identifiers (MBI), last names, dates of birth, coverage start dates, and zip codes. This unauthorized access occurred between 2023 and 2025, and once accounts were established, additional sensitive information—such as provider details, mailing addresses, dates of medical service, diagnosis codes, services received, and plan premium data—may have been accessed by the perpetrators.
While CMS has not received reports indicating that this data breach has directly led to identity theft or fraud, the agency is treating the matter with utmost seriousness, taking proactive steps to safeguard affected beneficiaries.
CMS Response and Protective Measures
Upon learning of the breach, CMS acted swiftly to deactivate all counterfeit Medicare.gov accounts linked to the exploitation. Additional security measures have been implemented, including disabling the creation of Medicare.gov accounts from foreign internet protocol (IP) addresses to prevent further fraudulent activity.
CMS is actively monitoring claims data to identify any suspicious behavior and is issuing new Medicare cards featuring refreshed Medicare Beneficiary Identifiers for all affected individuals. Notifications are being mailed out to inform beneficiaries about the breach, detail the steps CMS is taking, and provide guidance on recommended actions for protection.
A sample notification letter sent to affected beneficiaries states:
"We’re writing to inform you of an incident involving your personal information related to your Medicare.gov account. To help make sure your privacy is protected, we will mail you a new Medicare card with a new Medicare Number in the coming weeks. The incident involved currently unknown bad actors who accessed your data from an unknown source to fraudulently create Medicare.gov accounts. Your current Medicare benefits or coverage aren’t affected by this incident."
Recommendations for Beneficiaries
CMS urges all Medicare beneficiaries, especially those potentially impacted, to remain vigilant and take these precautionary steps:
- Review Medicare Summary Notices (MSNs) and Explanation of Benefits (EOBs) regularly for any unfamiliar charges or services.
- Report any suspicious activity by calling 1-800-MEDICARE (1-800-633-4227) or filing complaints with the Office of Inspector General via their website at oig.hhs.gov/fraud/report-fraud/.
- Obtain free annual credit reports through www.annualcreditreport.com or by phone at 1-877-322-8228 to watch for signs of identity misuse.
- Report potential identity theft to local law enforcement and the Federal Trade Commission by calling 1-877-IDTHEFT (1-877-438-4338) or visiting www.ftc.gov/idtheft.
Those with questions or concerns can contact CMS directly at 1-800-MEDICARE for personalized assistance.
Commitment to Security
CMS remains committed to protecting the privacy and security of Medicare beneficiaries’ data. The agency is continuing its investigation in coordination with appropriate federal and cybersecurity partners to prevent further unauthorized access and ensure the integrity of Medicare services.
Beneficiaries will receive additional updates as the situation develops. Meanwhile, CMS encourages all users of the Medicare.gov portal to monitor their accounts closely and utilize available resources to safeguard their personal information.
For further information or assistance, please contact:
CMS Medicare Helpline: 1-800-MEDICARE (1-800-633-4227)
OIG Fraud Reporting: oig.hhs.gov/fraud/report-fraud/
FTC Identity Theft: www.ftc.gov/idtheft | 1-877-IDTHEFT (1-877-438-4338)
Published by News 9, Oklahoma City
© 2025 Griffin Media