Hack Exposes Personal Information of 103,000 Medicare Beneficiaries

The Centers for Medicare & Medicaid Services is notifying approximately 103,000 Medicare beneficiaries that their personal information may have been compromised in a significant data breach involving unauthorized Medicare.gov account creation.

Hackers were able to access Medicare beneficiaries' sensitive information, including medical services accessed and coverage information. Bogus accounts were opened using the stolen information, and this has prompted CMS to deactivate the affected accounts.

Affected beneficiaries will receive new Medicare cards with new numbers, but they may want to take additional steps to safeguard their personal information.

What happened?

CMS first became aware of suspicious activity on May 2, 2025, after receiving inquiries from beneficiaries who were mailed confirmation letters for Medicare.gov accounts they had never opened.

A subsequent investigation revealed that cyber criminals had fraudulently created new accounts using valid beneficiary data, including names, dates of birth, ZIP codes and Medicare Beneficiary Identifiers.

Once these unauthorized accounts were established, the hackers were able to access additional sensitive information, including:

• Mailing addresses

• Diagnosis codes

• Services received

• Provider information

• Plan premium details

• Dates of service

CMS response and next steps

In response to the breach, CMS took immediate action. It:

• Deactivated all fraudulently created accounts.

• Disabled the ability to create Medicare.gov accounts from foreign IP addresses.

• Launched a comprehensive investigation into the breach.

• Initiated the process of issuing new Medicare cards and numbers to affected individuals, who will receive a letter from CMS explaining the situation.

CMS has emphasized that there is no evidence so far of direct identity theft or misuse of Medicare benefits. However, the agency stated it is acting "out of an abundance of caution" to safeguard personal information and minimize risk.

What affected beneficiaries can do

If you've been notified by CMS or are concerned your information may have been exposed, take the following steps to protect yourself:

• Review your Medicare statements — Carefully examine your Medicare Summary Notices and Explanation of Benefits for unfamiliar charges, services or providers.

• Report suspicious activity — Call 1-800-MEDICARE or contact the Office of Inspector General if you see anything out of the ordinary.

• Monitor your credit — You can ask any of the major credit rating agencies for a free credit report once a year. If you are concerned, you can ask them to freeze your credit, which prevents anyone from trying to open an account in your name.

• Report identity theft — If you suspect fraud, report it to the Federal Trade Commission at IdentityTheft.gov or call 1-877-IDTHEFT. You may also want to file a report with local police.

• Secure your Medicare information — Treat your Medicare number like a credit card; don't share it unless you initiated the contact and trust the source.

The takeaway

While there are no confirmed cases of identity theft stemming from this breach yet, the fact that attackers accessed personal medical and billing data of over 100,000 Americans is alarming.

Even if your data was not subject to exposure, always take care to protect your Medicare information. That includes never sharing your Medicare number or card details with anyone over the phone or e-mail, unless you initiated the contact and trust the source.