Maximus Federal Services, Inc. (“Maximus”) a Medicare Contractor,/Progress MOVEit Breach

On July 28, 2023, the Centers for Medicare & Medicaid Services (“CMS”) announced a contractor for Medicare, Maximus Federal Services, Inc. (“Maximus”), was affected by the Progress MOVEit file transfer vulnerability. CMS estimates 612,000 current Medicare beneficiaries were affected by the breach of information. The exposed personal information and protected health information includes beneficiaries’ name, Social Security Number, date of birth, address, telephone number, email address, driver’s license or state identification number, medical history/notes (including medical record, account numbers, conditions, diagnoses, dates of service, images, treatments etc.), healthcare provider and prescription information, health insurance claims and Policy/Subscriber information, health benefits and enrollment information. According to a CMS press release, from May 27 – May 31, 2023, an unauthorized character obtained copies of files that were saved in the Maximus MOVEit application; and, on May 30, 2023, Maximus detected unusual activity. Maximus stopped use of the MOVEit app on May 31, 2023; and, on June 2, 2023, Maximus notified the CMS of the compromise. The week of July 28, 2023, CMS and Maximus began sending letters to individuals who may have been impacted notifying them of the breach. If you receive a notification that your personal information and/or protected health information was compromised due to Maximus’ use of the Progress Software MOVEit Transfer and you would like additional information about your legal rights, you can contact Goldenberg Schneider, LPA by calling 513-982-1569, sending an email to [email protected] or completing the “Contact Us” form to the right.