Feds Notify 103,000 Medicare Beneficiaries of Scam, Breach

Agency: Fraudsters Used Valid Beneficiary Info to Create Fake Medicare.gov Accounts Marianne Kolbasuk McGee (HealthInfoSec) • July 2, 2025

The Centers for Medicare and Medicaid Services is notifying 103,000 people that their personal information was potentially compromised by fraudsters who set up scam beneficiary online accounts on Medicare.gov over the last two years.

See Also: The Healthcare CISO's Guide to Medical IoT Security

CMS said in a public statement Monday that in May 2025, it began receiving Medicare call center inquiries from beneficiaries who received letters that confirmed the creation of Medicare.gov accounts they did not initiate.

The agency said it quickly launched an investigation and discovered that "malicious actors had fraudulently created new accounts between 2023 and 2025 using valid beneficiary information, including Medicare Beneficiary Identifiers, coverage start date, last name, date of birth and ZIP code."

That valid Medicare beneficiary information was obtained by ...