In July 2024, it was discovered that files containing the protected health information of approximately 3 million beneficiaries were compromised in a cybersecurity incident involving MOVEit, a file transfer software. Data exposed in the breach included names, Social Security numbers, individual taxpayer identification numbers, dates of birth, mailing addresses, gender, hospital account numbers, and more.
The Centers for Medicare & Medicaid Services (CMS) reported that the breach primarily affected the Wisconsin Physicians Service Insurance Corporation (WPS), a third-party contractor that manages Medicare Part claims on its behalf.
In addition to the WPS incident, CMS estimates that the data of another million beneficiaries may have been leaked. While no evidence of misuse has been found to date, and the breach did not impact members’ coverage, the delayed detection of the breach raises significant concerns.
The breach, though detected in July 2024, is believed to have occurred between May 27 and May 31, 2023 — more than a year earlier. This highlights the urgent need for real-time monitoring systems to prevent similar incidents from going undetected in the future.
Healthcare organisations are increasingly prime targets for cyberattacks due to the vast amounts of sensitive personal, health, and payment information they hold. As healthcare professionals operating in a post-covid world, accessing work data from home also presents a further threat vector for cybercriminals to attack. Otonata can help bolster your defences and protect your personal and work interests.
