The Department of Health and Human Services and the Centers for Medicare and Medicaid Services are responding to a data breach in May in Progress Software’s MOVEit Transfer software on the corporate network of Maximus Federal Services, a contractor to the Medicare program. The breach involved Medicare beneficiaries’ personally identifiable information (PII) and/or protected health information (PHI).
No HHS or CMS systems were impacted, the agencies said. Maximus is among the many organizations in the U.S. that have been impacted by the MOVEit vulnerability.
Late last week, CMS and Maximus sent letters of notification to people who may have been impacted by the breach, informing them of the actions being taken in response, Healthcare Finance reports. CMS estimates the MOVEit breach impacted about 612,000 current Medicare beneficiaries. Read more.