Older Medicare numbers used Social Security numbers
A consulting firm that provides civil litigation support to the U.S. Department of Justice has sent notification letters to 341,650 Medicare members whose information they had been entrusted with.
The letter from Boston-based Greylock McKinnon Associates, Inc. reassured recipients that they were not the target the DOJ investigation or the associated litigation matters, but:
Your personal and Medicare information was likely affected in this incident. This information may have included your name, date of birth, address, Medicare Health Insurance Claim Number (which contains a Social Security number associated with a member) and some medical information and/or health insurance information.
The incident was reported to the Maine Attorney General’s Office. The notification letter indicates that GMA learned of the breach on May 30, but they do not provide details about the incident or whether it was related to the MOVEit breach that affected many entities at that time.
The letter also informs recipients that GMA deleted all of the DOJ data after the breach. They do not explain whether DOJ required them to do that or if it was done on their own initiative.
Medicare members’ information is generally protected health information (PHI), but PHI may lose its protected status under certain conditions. Data Breach Times does not know whether this incident will be reported to the U.S. Department of Health and Human Services under HIPAA or not.