Over 100,000 Americans have had their Medicare data compromised by cybercriminals who created fraudulent accounts using stolen personal information. The Centers for Medicare & Medicaid Services (CMS) confirmed the breach in a recent notification, deactivating the affected accounts and preparing to issue new Medicare cards to the approximately 103,000 individuals impacted. This incident is part of a broader pattern of healthcare data breaches, with recent reports indicating that over 13 million patient records were exposed in the U.S. during June alone.
The breach was identified in May 2025 when users reported receiving account confirmation emails for accounts they did not create. This triggered an internal investigation by CMS, revealing that attackers likely obtained personal data from previous breaches or leaks to create legitimate-looking Medicare accounts. While CMS has not yet confirmed any identity theft cases, the agency has emphasized that these measures are being taken out of