The Centers for Medicare & Medicaid Services (CMS) has informed Medicare beneficiaries about a data incident that may have compromised their personal information. This issue involves unauthorized creation of online accounts on Medicare.gov using data from unknown external sources.
"CMS takes this situation very seriously," the agency said, emphasizing the importance of protecting personally identifiable information. Upon detecting the incident, CMS quickly deactivated affected accounts and assessed the scope of the breach to mitigate its impact. The agency is collaborating with relevant parties to investigate further.
Approximately 103,000 beneficiaries might be affected by this breach. CMS is mailing notifications to these individuals, explaining the incident and advising them on protective measures they can take. A sample letter sent to those potentially impacted explains that new Medicare cards with updated numbers will be issued soon.
The breach was discovered on May 2, 2025, when CMS's call center began receiving inquiries from beneficiaries about unsolicited account creation confirmations. An investigation revealed that between 2023 and 2025, malicious actors used valid beneficiary information to create fraudulent accounts. These details included Medicare Beneficiary Identifiers (MBI), coverage start dates, last names, birth dates, and zip codes.
Once unauthorized accounts were set up, additional beneficiary data such as provider information and diagnosis codes may have been accessed. Although there are no reports of identity fraud linked directly to this activity, CMS is taking preventive measures.
CMS has deactivated all fraudulently created accounts and blocked new account creations from foreign IP addresses. The agency continues monitoring claims for suspicious activity and is issuing new MBIs as needed.
Beneficiaries are advised to review their Medicare Summary Notices for unfamiliar charges and report any suspicious activity to 1-800-MEDICARE or the Office of Inspector General. They are also encouraged to obtain free annual credit reports and file reports with law enforcement or the Federal Trade Commission if identity theft concerns arise.
For further questions or information, beneficiaries can contact 1-800-MEDICARE directly.
Information from this article can be found here.
