Blog

Many Medicare beneficiaries will receive new Medicare cards. This is due to a breach of PII (personally identifiable information) as well as some personal health information. CMS (Centers for Medicare & Medicaid Services) and WPS (Wisconsin Physicians Service Insurance Corporation) are sending out notifications to individuals who’s information may be at risk.

This incident occurred in connection with WPS and the Medicare administrative services they provided for CMS. WPS is a contractor that CMS hired to handle Medicare Part A and B claims and related services. Apparently a specific software application WPS used to transfer files showed a potential risk. This may have caused personal information of Medicare beneficiaries as well as other individuals who use the same providers to be as risk.

What personal information is at risk

Some information that may be at risk due to the incident are:

1. Name
2. Date of birth
3. Social Security number or taxpayer ID
4. Medicare Beneficiary Identifier (MBI)
5. Mailing address
6. Hospital/provider account numbers
7. Health insurance claim number
8. Date of service

Who is receiving the notices

Both CMS and WPS are sending written notices to the 946,801 Medicare beneficiaries who may be affected. The notice lets them know about the breach as well as what they are doing in response.

Additionally; CMS is posting a notice for those who may not receive the written notice due to lack of correct contact information. See below for a sample of the letter WPS is sending:

Dear_______________:

The Centers for Medicare & Medicaid Services (CMS), the federal agency that manages the Medicare program, and Wisconsin Physicians Service Insurance Corporation (WPS), are writing to inform you of an incident involving your personal information related to services provided by WPS. WPS is a CMS contractor that handles certain Medicare claims in your state.

The incident involved a security vulnerability in the MOVEit software, a third-party application used by WPS for the transfer of files during the Medicare claims process. WPS is among the many organizations in the United States that have been impacted by the MOVEit vulnerability.

We are sending you this letter so that you can understand more about this incident, how we are addressing it, and additional steps you can take to further protect your privacy. We are providing information on free credit monitoring with this notice, and we will be giving you a new Medicare card with a new Medicare Number.

Your current Medicare benefits or coverage are not affected as a result of this incident.

What CMS is doing about this

CMS and WPS are working together along with law enforcement agencies and cybersecurity forensic consultants to investigate the incident. CMS is taking all actions necessary to protect the personal information of Medicare beneficiaries.

What Medicare beneficiaries can do

WPS is providing those effected with a free Experian 12 month credit monitoring service. It is a good idea to take advantage of this. Beneficiaries do not provide any form of payment information to enroll in this service.

It is important to take advantage of free credit reporting services. Everyone is entitled to a free report every 12 months from the three major credit reporting agencies:

Request a copy of your credit report: 

Visit the Experian website or call (888) 397-3742

Call TransUnion at (800) 916-8800 

Visit the Equifax website or call (888) 378-4329 

Beneficiaries can also call 1-877-322-8228 or request your free credit reports online at annualcreditreport.com.  Once you receive the report, check for issues or inquiries for new accounts you did not request.

Monitoring credit is a way to detect problems early and address issues quickly. Contact law enforcement about suspicious activity and get a copy of any reports filed to send to creditors as proof. Beneficiaries can also file a report with the FTC either on their website by phone 1-877-idtheft (1-877-438-4338) or by mail Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Ave, NW, Washington, DC 20580.

Medicare Cards

Beneficiaries will continue to use their existing Medicare card. CMS is sending new cards with new MBIs for those who may affected. Once the beneficiary receives the new card, they should follow the instructions that come with the card. The instructions will include when to start using the new card. Beneficiaries should destroy their old card at that time. It is important that they give the new number to their providers to avoid delays in payments.

Learn why using a Medicare agent can be a great idea.   

More Information

Beneficiaries who have questions about this can call the confidential toll-free Experian response line at 833-931-5700. Just provide engagement number B130492, there are professionals familiar with this incident and can advise how to protect yourself from information misuse. Reach the professionals at the response line Monday -Friday 8 am – 8 pm Central Time (excluding major U.S. holidays).