The Maximus data breach has exposed the personal details of 612,000 Medicare beneficiaries and millions of other healthcare consumers. The breach stemmed from a vulnerability in the MOVEit Transfer software from Progress Software, which was used on the corporate network of Maximus Federal Services, a Medicare contractor, according to a statement from the Centers for Medicare & Medicaid Services (CMS).
Maximus data breach might affect over 11 million people
Maximus has stated that this breach could affect up to 11 million individuals. The breach, which took place in May and was publicized by CMS on July 28, involved personally identifiable information (PII) and protected health information (PHI) of Medicare beneficiaries.
CMS noted that the exposed information may include names, phone numbers, email addresses, Social Security numbers, details about healthcare providers and prescriptions, and health insurance claims. The agency also said that neither CMS nor Department of Health and Human Services systems were impacted by this breach.
Currently, CMS and Maximus are in the process of informing Medicare beneficiaries who might have been affected by this breach. They are also providing two years of free credit monitoring services.
“Data privacy and security are among our top priorities, and we are committed to protecting the data entrusted to us. To be clear, we have not identified any impact from the MOVEit vulnerability on other parts of our corporate network and remain confident in the integrity of the network,” Maximus told Kiplinger in a statement.
Ani Chaudhuri, who is the CEO of Dasera, a data security company in Saratoga, California, informed Kiplinger that the Maximus data breach happened because of an unidentified weak spot in the MOVEit software.
“When the creators of MOVEit announced the vulnerability on May 31, 2023, it was clear the gap allowed unauthorized actors to gain access to MOVEit servers, in this case, compromising sensitive consumer data,” Chaudhuri said.
“Companies like Maximus use [services such as MOVEit] to send, receive and store sensitive information, making them attractive targets for cybercriminals. This incident underscores the importance of maintaining robust and updated security measures, regularly auditing software for vulnerabilities, and adopting a proactive approach to data governance,” he added.
How to protect yourself against data breaches
Regrettably, the Maximus data breach is not a unique incident. It joins a long list of cyber attacks that have left millions of people vulnerable and concerned about their personal information. It’s important to remember that, given the increasingly digital nature of our lives and the vast amount of data handled by companies and government agencies, such incidents will not be the last.
To protect yourself, it’s critical to remain vigilant and informed. Always be careful with whom and where you share your personal information. Ensure you use strong, unique passwords for each of your online accounts and consider utilizing two-factor authentication where available. Regularly monitor your financial transactions and report any suspicious activity promptly.
People affected by the Maximus data breach need to be vigilant and cautious in the upcoming period. It’s important to follow several steps to ensure their personal information remains safe.
- Firstly, be on high alert for phishing attempts that might come in the form of emails, texts, or phone calls. These deceitful communications are often designed to look like they’re coming from trusted sources, such as your bank or even Medicare itself.
- Secondly, remember that the individuals behind the breach, or others who might have bought the stolen information, could already possess certain details about you. They may use this existing data to try to trick you into providing additional personal information.
- As a best practice, never provide personal information in response to an unsolicited request, whether it’s via email, text, or phone call. Always double-check the source of the request by contacting the company directly using official contact details. Also, consider changing passwords and monitoring your financial transactions closely for any suspicious activities.
In doing so, you can protect yourself against the possible negative effects of this data breach.
Featured image credit: Kerem Gülen/Midjourney