Not a scam: Georgia Medicare beneficiaries are receiving letters about info breach

HENRY COUNTY, Ga. — Hundreds of thousands of Medicare beneficiaries are receiving letters warning their most personal and private information has been breached in a hack.

The letter from a Medicare contractor called Maximus is not junk mail or a scam. It was sent to 612,000 Medicare recipients.

Stockbridge resident Jan Whisnant almost shredded the letter from Maximus until she noticed the Medicare logo inside.

“It just... it freaked me out,” Whisnant said.

The letter details a long list of private data that may have been stolen including Social Security, tax ID and driver’s license numbers, as well as birth dates, addresses, emails and medical records.

“They should have all the information safeguarded,” Whisnant said.

The letter tells beneficiaries identified as victims of the breach, “We have determined that your personal and Medicare information was involved in this incident.”

“It has stressed me out to the point that it gives me anxiety. I have panic attacks,” Whisnant said.

The Maximus hack is tied to a third-party software product called MOVEit.

95.5 WSB reported in June that Russian hackers targeted a vulnerability in MOVEit software at a variety of state and government agencies, including the University System of Georgia.

The hack targeting Georgia Medicare beneficiaries took place in May, but the warning letters are just now going out to victims.

“I’m mad. I am mad about it, especially since it has gone on since May,” Whisnant said.

Maximus is providing 24 months of free credit monitoring from Experian to those impacted by the hack.

The Center for Medicare and Medicaid Services says no CMS systems were impacted.

CMS is investigating the attack and has also shut down and installed patches on the targeted MOVEit software.