CMS subcontractor hit with ransomware

Vendor Healthcare Management Solutions (HMS) has potentially breached its obligations to CMS, the agency that notified CMS on October 9 about a ransomware attack on HMS. The breach has the potential to impact up to 254,000 Medicare beneficiaries. The compromised data includes personally identifiable information (PII) and protected health information. CMS is notifying affected beneficiaries and providing them with new Medicare cards and free credit monitoring services. The breach highlights the vulnerability of the healthcare sector to supply chain attacks. Third-party risks in the healthcare industry cost nearly $24 billion per year.