Unidentified "bad actors" may have used Americans' personal information to create up to 103,000 fake Medicare.gov accounts.
Officials at the Centers for Medicare and Medicaid Services — the agency in charge of Medicare and other federal health insurance programs — said that CMS is not sure where the bad actors got the information and has no evidence that the bad actors have misused the fake Medicare.gov accounts in other ways.
But, once bad actors use the information they have to create fake Medicare.gov accounts, they can get people's mailing addresses and diagnosis codes, officials said.
Bad actors could also use the fake accounts to learn the names of people's doctors, the services that people have received and details about how much people are paying for coverage.
What it means: Bad actors may be using some of the personal information that attackers have looted from credit card holders and retirement savers to create fake government program accounts.
That could hurt clients who want to sign up for Medicare, Social Security or other programs.
Bad actors could then use the fake account to steal clients' benefits and take actions that saddle the clients with hard-to-dispute bills for what look like services that the clients have actually received.
The data: The bad actors appear to have enough personal information to create the fake accounts.
That includes people's Medicare Beneficiary Identifier numbers, coverage start dates, last names, dates of birth and ZIP codes.
CMS is not sure where the personal information came from.
How the attack was discovered: CMS learned about the problem May 2, after it noticed that consumers were calling its call center to ask about letters confirming the creation of Medicare.gov accounts that the consumers did not create, officials said.
CMS looked into the matter and found that bad actors began creating the fake accounts in 2023.
The CMS response: Officials said that CMS has deactivated the fake Medicare.gov accounts and blocked people using non-U.S. internet addresses from creating Medicare.gov accounts.
For affected individuals, CMS is replacing the Medicare beneficiary numbers and providing new Medicare cards.
Where to report new suspicious activity: Financial professionals and their clients can call Medicare at 1-800-MEDICARE, or (800) 633-4227.
Credit: Shutterstock
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.