U.S. House of Representatives Committee on Energy and Commerce

03/20/2023 | Press release | Distributed by Public on 03/20/2023 09:37

Rodgers, Comer Press for Information on Data Breach of Thousands of Medicare Beneficiaries’ Personally Identifiable Information

Washington, D.C. - House Committee on Energy and Commerce Chair Cathy McMorris Rodgers (R-WA) and House Committee on Oversight and Accountability Chairman James Comer (R-KY) today wrote to Centers for Medicare & Medicaid Services (CMS) Administrator Chiquita Brooks-LaSure, requesting documents and communications to assist in investigating CMS's response to a data breach impacting personally identifiable information of approximately 254,000 Medicare beneficiaries.

"On October 8, 2022, [Healthcare Management Solutions, LLC (HMS)] 'was subject to a ransomware attack on its corporate network.' CMS was notified about the data breach a day later, and on October 18, 2022, CMS 'determined with high confidence that the incident potentially included personally identifiable information and protected health information for some Medicare enrollees.' However, it was not until December 1, 2022, that CMS made the determination that the data breach constituted a 'major incident,' as defined in the Federal Information Security Modernization Act of 2014," wrote Rodgers and Comer.

After becoming aware of a major data breach and potential exposure of Medicare beneficiaries' personal information, it took CMS two months to determine that the data breach constituted a "major incident" as defined in the Federal Information Security Modernization Act.

"In other words, bad actors had access to Medicare beneficiaries' information for two months before CMS determined this ransomware attack was a 'major incident,' triggering a legal obligation to inform Congress of such incident. [...] The compromised information potentially includes the following personally identifiable information (PII) and protected health information (PHI): name, address, date of birth, phone number, Social Security Number, Medicare beneficiary identifier, banking information, including routing and account numbers, and Medicare entitlement, enrollment, and premium information," continued Chairs Rodgers and Comer.

CLICK HERE to read the letter to Administrator Brooks-LaSure.
