Healthcare data continues to be a top target for cybercriminals. In June alone, two major breaches compromised over 13 million patient records. Now, a newly confirmed Medicare data breach has affected more than 100,000 Americans.
The Centers for Medicare & Medicaid Services (CMS) sent letters this week to those affected, confirming that hackers accessed sensitive data linked to Medicare.gov accounts.

What you need to know about the Medicare data breach
The breach traces back to suspicious activity starting in late 2023. According to CMS, cybercriminals used stolen personal data from external sources to fraudulently create Medicare.gov accounts.
That information included:
- Full names
- Dates of birth
- ZIP codes
- Medicare Beneficiary Identifiers (MBIs)
- Medicare coverage details
CMS began receiving alerts in May 2025 when people reported receiving account confirmation letters for accounts they had not created. This triggered an internal investigation. Hackers not only created unauthorized accounts but, in some cases, accessed additional sensitive data such as:
- Home addresses
- Provider and diagnosis codes
- Services received
- Plan premium details
How CMS is responding
CMS has deactivated all affected accounts and is mailing new Medicare cards to the estimated 103,000 individuals impacted. The agency says no confirmed identity theft cases have been reported yet. CMS stressed the action is being taken out of “an abundance of caution,” but the breach raises questions about federal cybersecurity safeguards.

What happens next for those affected by the Medicare data breach
If you’re one of the people affected by the Medicare data breach:
- Watch your mailbox for a replacement Medicare card
- Monitor your Medicare.gov account for suspicious activity
- Report unauthorized services or charges immediately
CMS is still investigating how the attackers obtained such accurate personal data and whether more individuals may be at risk.
Who’s behind the Medicare data breach?
So far, CMS has not identified the attackers. However, the use of valid personal information suggests that the hackers may have obtained data from prior breaches or leaks on other platforms. This breach reveals a troubling vulnerability in the federal healthcare system, where hackers can exploit existing data to create legitimate-looking accounts and access deeply personal medical information.

5 ways you can stay safe after a Medicare data breach
Here are five important steps you can take right now to protect your Medicare information and reduce your risk of identity theft after the breach.
1) Watch for unusual account activity
Regularly check your Medicare and healthcare accounts for changes you did not make. Be cautious of unfamiliar services, charges, or communications from providers you don’t recognize.
2) Use an identity theft protection service
In light of the Medicare data breach, where bad actors used valid personal details to create fake accounts, enrolling in a trusted identity theft protection service can offer an extra layer of defense. These services monitor your Social Security number, email, phone number, and other sensitive data to alert you if it’s being sold on the dark web or used to open fraudulent accounts.
Many top-rated services also help you freeze your credit and bank accounts and offer expert support if your identity is compromised. My top pick includes up to $1 million in identity theft insurance to cover stolen funds and legal fees, plus access to a U.S.-based fraud resolution team that helps you recover faster.
One of the best parts of my top pick, Aura Identity Protection, is its all-in-one approach to safeguarding your personal and financial life. Aura includes identity theft insurance of up to $1 million per adult to cover eligible losses and legal fees, plus 24/7 U.S.-based fraud resolution support with dedicated case managers ready to help restore your identity fast.
3) Secure your Medicare information
Never share your Medicare number or card details with anyone over the phone or email, unless you initiated the contact and trust the source. Treat it like a credit card.
4) Remove personal data
If you believe your information is being misused, remove it from the internet. A service like Incogni can help with that. It has a very clean interface and will scan 195 websites for your information, remove it, and keep it removed.
Incogni, a service I trust 100% and use myself, helps automate the process by submitting removal requests to hundreds of data brokers and people-search sites on your behalf.
Incogni automatically contacts data brokers on your behalf and requests the removal of your personal information. It also continues monitoring those sites and submits new removal requests if your data reappears.
- Incogni currently removes personal data from 420+ data broker and people-search websites, and its Unlimited plan allows you to request removals from as many additional sites as you need.
- Incogni has also received third-party assurance from Deloitte, validating its marketing claims.
- The goal is simple: make it much harder for strangers, scammers, and cybercriminals to find your personal information online.
The service also includes a 30-day money-back guarantee, so you can try it risk-free and see how much of your information is exposed online.
5) Report fraud to Medicare and the FTC
If you notice suspicious activity, report Medicare fraud directly by calling 1-800-MEDICARE (1-800-633-4227). Also, file a report at IdentityTheft.gov to create a recovery plan with the Federal Trade Commission (FTC). This not only helps you recover faster but also contributes to broader investigations that protect others.
Kurt’s key takeaway
The Medicare breach may not have resulted in confirmed cases of identity theft so far, but that does not mean the situation should be taken lightly or dismissed as low risk. It took malicious actors less than two years to create over 100,000 fake Medicare accounts using valid personal information, which suggests a significant weakness in how sensitive data is being protected and monitored at the federal level.
Do you think healthcare organizations are doing enough to protect your data? Let us know in the comments below.
Copyright 2025 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.

3 comments
I work for a neurologist in NYC and the staff is very careless about privacy and exploring online. They should be taking these attacks more seriously.
How about ARREST some of these criminals!!! And make a BIG DEAL OUT OF IT!!!
I don’t believe any of the companies that are using electronic records are safeguarding our personal information enough. They know this saves them a lot of money, but they’re not putting in the extra cost for better coverage to protect us.