Medicare data breach exposes 100,000 Americans’ info

Medicare data breach exposes 100,000 Americans’ info

Worried your Medicare data info was exposed? Here’s how to secure your data

by Kurt Knutsson
image_printPrint this article

Healthcare data continues to be a top target for cybercriminals. In June alone, two major breaches compromised over 13 million patient records. Now, a newly confirmed Medicare data breach has affected more than 100,000 Americans.

The Centers for Medicare & Medicaid Services (CMS) sent letters this week to those affected, confirming that hackers accessed sensitive data linked to Medicare.gov accounts.

 

 

A person typing on a MacBook

 

What you need to know about the Medicare data breach

The breach traces back to suspicious activity starting in late 2023. According to CMS, cybercriminals used stolen personal data from external sources to fraudulently create Medicare.gov accounts.

That information included:

  • Full names
  • Dates of birth
  • ZIP codes
  • Medicare Beneficiary Identifiers (MBIs)
  • Medicare coverage details

CMS began receiving alerts in May 2025 when people reported receiving account confirmation letters for accounts they had not created. This triggered an internal investigation. Hackers not only created unauthorized accounts but, in some cases, accessed additional sensitive data such as:

  • Home addresses
  • Provider and diagnosis codes
  • Services received
  • Plan premium details

 

How CMS is responding

CMS has deactivated all affected accounts and is mailing new Medicare cards to the estimated 103,000 individuals impacted. The agency says no confirmed identity theft cases have been reported yet. CMS stressed the action is being taken out of “an abundance of caution,” but the breach raises questions about federal cybersecurity safeguards.

A doctor is using phone

 

What happens next for those affected by the Medicare data breach 

If you’re one of the people affected by the Medicare data breach:

  • Watch your mailbox for a replacement Medicare card
  • Monitor your Medicare.gov account for suspicious activity
  • Report unauthorized services or charges immediately

CMS is still investigating how the attackers obtained such accurate personal data and whether more individuals may be at risk.

 

Who’s behind the Medicare data breach?

So far, CMS has not identified the attackers. However, the use of valid personal information suggests that the hackers may have obtained data from prior breaches or leaks on other platforms. This breach reveals a troubling vulnerability in the federal healthcare system, where hackers can exploit existing data to create legitimate-looking accounts and access deeply personal medical information.

A healthcare professional typing on a MacBook

 

5 ways you can stay safe after a Medicare data breach

Here are five important steps you can take right now to protect your Medicare information and reduce your risk of identity theft after the breach.

More from CyberGuy
🎙 Now Streaming
Latest CyberGuy Report podcast episode

Watch the latest episode of The CyberGuy Report.

Watch the latest CyberGuy podcast episode on YouTube
Subscribe: Apple | Spotify | YouTube
📱 Free class recording: Lock down your phone

Missed this event? Sign up via the registration form and see our live recording.

🛒 This week’s top Amazon deals

See Kurt’s latest Amazon picks for useful gadgets, smart home upgrades and everyday tech worth grabbing while the deals last.

×

Latest CyberGuy Report podcast episode

 

1) Watch for unusual account activity

Regularly check your Medicare and healthcare accounts for changes you did not make. Be cautious of unfamiliar services, charges, or communications from providers you don’t recognize.

 

2) Use an identity theft protection service

In light of the Medicare data breach, where bad actors used valid personal details to create fake accounts, enrolling in a trusted identity theft protection service can offer an extra layer of defense. These services monitor your Social Security number, email, phone number, and other sensitive data to alert you if it’s being sold on the dark web or used to open fraudulent accounts.

Many top-rated services also help you freeze your credit and bank accounts and offer expert support if your identity is compromised. My top pick includes up to $1 million in identity theft insurance to cover stolen funds and legal fees, plus access to a U.S.-based fraud resolution team that helps you recover faster.

One of the best parts of my top pick, Aura Identity Protection, is its all-in-one approach to safeguarding your personal and financial life. Aura includes identity theft insurance of up to $1 million per adult to cover eligible losses and legal fees, plus 24/7 U.S.-based fraud resolution support with dedicated case managers ready to help restore your identity fast.

Exclusive CyberGuy deal: Save up to 68% today: Get Aura’s award-winning identity theft protection and credit monitoring for as low as $9/month when billed annually.

See my full list of trusted identity theft protection services and expert tips to stay safe online.

 

3) Secure your Medicare information

Never share your Medicare number or card details with anyone over the phone or email, unless you initiated the contact and trust the source. Treat it like a credit card.

 

4) Remove personal data

If you believe your information is being misused, remove it from the internet. A service like Incogni can help you remove all this personal information from the internet. It has a very clean interface and will scan 195 websites for your information and remove it, and keep it removed.

Incogni, a service I trust 100% and use myself, helps automate the process by submitting removal requests to hundreds of data brokers and people-search sites on your behalf.

Incogni automatically contacts data brokers on your behalf and requests the removal of your personal information. It also continues monitoring those sites and submits new removal requests if your data reappears.

  • Incogni currently removes personal data from 420+ data broker and people-search websites, and its Unlimited plan allows you to request removals from as many additional sites as you need.
  • Incogni has also received third-party assurance from Deloitte, validating its marketing claims.
  • The goal is simple: make it much harder for strangers, scammers, and cybercriminals to find your personal information online.

CyberGuy Exclusive: 60% off

CyberGuy readers get 60% off Incogni’s annual plans using the links in this article.

The service also includes a 30-day money-back guarantee, so you can try it risk-free and see how much of your information is exposed online.

Get Incogni and remove your info
Get Incogni’s Family Plan

   

 

Is your personal information exposed online?
Run a free scan to see if your personal info is compromised. Results arrive by email in about an hour.

 

5) Report fraud to Medicare and the FTC

If you notice suspicious activity, report it directly by calling 1-800-MEDICARE (1-800-633-4227) to report Medicare fraud. Also, file a report at IdentityTheft.gov to create a recovery plan with the Federal Trade Commission (FTC). This not only helps you recover faster but also contributes to broader investigations that protect others.

 

Related links:

 

 

Kurt’s key takeaway

Medicare breach may not have resulted in confirmed cases of identity theft so far, but that does not mean the situation should be taken lightly or dismissed as low risk. It took malicious actors less than two years to create over 100,000 fake Medicare accounts using valid personal information, which suggests a significant weakness in how sensitive data is being protected and monitored at the federal level.

Do you think healthcare organizations are doing enough to protect your data? Let us know in the comments below.

FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

 

 

Copyright 2025 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.

image_printPrint this article

   
 
 
🎙 Now Streaming: My New Podcast: The CyberGuy Report

   


 

Kurt’s Top Deals

Deals move fast and inventory can be limited, so don’t wait too long.

🔥 Editor’s pick
Summer entertaining
Ninja SLUSHi Machine
(26% off)
Frozen drinks and slushies at home in minutes.
 
Patriotic pick
American Flag
(19% off)
Heavyweight outdoor American flag.
💰 Top deal
Outdoor essential
TYPEC Solar Bug Zapper
(36% off)
Solar-powered bug zappers for patios and camping.
 
Car tech
ROVE R3 Dash Cam
(33% off)
Front, rear and cabin camera coverage.

3 comments

Nancy July 12, 2025 - 5:14 am

I work for a neurologist in NYC and the staff is very careless about privacy and exploring online. They should be taking these attacks more seriously.

Reply
John B. July 12, 2025 - 7:49 am

How about ARREST some of these criminals!!! And make a BIG DEAL OUT OF IT!!!

Reply
Pam R August 11, 2025 - 2:54 pm

I don’t believe any of the companies that are using electronic records are safeguarding our personal information enough. they know this saves them a lot of money but they’re not putting in the extra cost for better coverage to protect us

Reply

Leave a Comment

Free newsletter

Get my free CyberGuy Report

Get my latest tech news, security alerts, tips and deals delivered straight to your inbox.

No spam. No sharing your email. Ever.

🎁

Bonus: Get my FREE Ultimate Scam Survival Guide instantly when you sign up.

By signing up, you agree to our Terms of Service and Privacy Policy . You may unsubscribe at any time.

Tips to avoid our newsletters going to your junk folder