CMMS A.I CyberSecurity Scoring
CMMS
Company Information
Website:http://www.cms.gov
Employees number:6,114
Number of followers:629,033
NAICS:92
Industry Type:Government Administration
Homepage:cms.gov
CMMS Risk Score (AI oriented)
Between 0 and 549
CMMSGovernment Administration
Updated:
23/06/2026
23/06/2026
524/1000
Critical
C
CMMS Global Score (TPRM)
xxxx
CMMSGovernment Administration
Score locked

CMMSCritical
Current Score
524C (CRITICAL)
01000
7 incidents
-99.5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
528
JUNE 2026
605
Breach
22 Jun 2026 • CMMS
Medicare, AARP Alabama and Alabama Department of Senior Services: Fake Medicare cards are showing up in Alabama mailboxes: How to spot the scam
Scammers Exploit Medicare Data Breach with Fake Plastic Cards
524
CRITICAL-81
CENAARADP1782189003
Scammers Exploit Medicare Data Breach with Fake Plastic Cards
Following a Medicare data breach earlier this year, 1.3 million beneficiaries are receiving new paper Medicare cards in the mail but scammers are capitalizing on the situation by distributing fake plastic cards designed to steal personal and financial information.
The Alabama Department of Senior Services has issued a warning after fraudulent cards began appearing in mailboxes statewide. These counterfeit cards urge recipients to "activate" them, a tactic used to harvest sensitive data. According to Jamie Harding of AARP Alabama, scammers are leveraging awareness of the breach to deceive victims.
If activated, the fake cards could expose Social Security numbers, Medicare numbers (enabling fraudulent charges), and even bank account details. Official Medicare cards are always made of paper, never plastic, and require no activation or payment.
AARP Alabama reports that scammers have already targeted real individuals, including one of their volunteers. Authorities urge beneficiaries to verify any unexpected cards and report suspicious activity to Medicare (1-800-MEDICARE) or the Alabama Department of Senior Services (1-800-AGE-LINE). Those who may have fallen victim should contact local law enforcement.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
MAY 2026
717
Breach
01 May 2026 • CMMS
Medicare and Centers for Medicare & Medicaid Services: Medicare breach exposes doctors’ data
Medicare Data Breach Exposes Sensitive Physician Information
599
CRITICAL-118
CEN1777674470
Medicare Data Breach Exposes Sensitive Physician Information
A recent breach in Medicare’s systems has compromised sensitive data belonging to healthcare providers across the U.S. The incident, disclosed by federal officials, exposed personally identifiable information (PII) of physicians, including names, National Provider Identifier (NPI) numbers, and in some cases, Social Security numbers.
The breach occurred due to a vulnerability in a third-party contractor’s software, which was used to process Medicare claims. While the exact timeline remains under investigation, initial reports suggest unauthorized access may have persisted for several months before detection. The Centers for Medicare & Medicaid Services (CMS) confirmed the exposure but has not disclosed the total number of affected providers.
The incident raises concerns about the security of third-party vendors handling sensitive healthcare data, as well as the potential for identity theft and fraud targeting medical professionals. CMS has stated it is working with law enforcement and cybersecurity experts to mitigate risks and notify impacted individuals. No evidence of misuse has been reported at this time, but the breach underscores ongoing vulnerabilities in healthcare data protection.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Breach
01 May 2026 • CMMS
Centers for Medicare and Medicaid Services: Error in Medicare database exposes US healthcare providers Social Security numbers – Trump administration directory designed to modernize Medicare encounters another setback
Medicare Provider Database Exposes Social Security Numbers in Public Leak
599
CRITICAL-118
CEN1777710361
Medicare Provider Database Exposes Social Security Numbers in Public Leak
A publicly accessible database used to populate a Medicare provider directory inadvertently exposed the Social Security numbers (SSNs) of U.S. healthcare providers. The directory, launched by the Centers for Medicare and Medicaid Services (CMS) as part of the Trump administration’s efforts to modernize Medicare, was designed to help seniors locate compatible doctors and medical providers.
The Washington Post discovered the exposure after downloading and reviewing the database, which was made available under CMS’s data transparency initiatives. CMS acknowledged that SSNs were mistakenly included due to incorrect data entries by providers or their representatives. The agency stated it had taken steps to address the issue and strengthen data validation protocols but did not disclose how many SSNs were exposed or whether affected providers had been notified. The database was removed after the Post alerted health officials.
One physician, speaking anonymously, expressed confusion over how Medicare officials obtained their SSN. The incident adds to prior criticisms of the modernization effort, which has faced issues such as mismatched insurance coverage. In November, Senators Jeff Merkley (D-Oregon) and Ron Wyden (D-Oregon) raised concerns in a letter to CMS, warning that rushed implementation could mislead seniors and result in unexpected medical bills.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
APRIL 2026
717
MARCH 2026
715
FEBRUARY 2026
714
JANUARY 2026
713
DECEMBER 2025
711
NOVEMBER 2025
710
OCTOBER 2025
708
SEPTEMBER 2025
707
AUGUST 2025
705
JUNE 2025
775
Breach
01 Jun 2025 • CMMS
Centers for Medicare & Medicaid Services (CMS)
Medicare Data Breach
700
CRITICAL-75
CEN821071225
In June, two major breaches compromised over 13 million patient records. Now, a newly confirmed Medicare data breach has affected more than 100,000 Americans. Hackers accessed sensitive data linked to Medicare.gov accounts, including full names, dates of birth, ZIP codes, Medicare Beneficiary Identifiers (MBIs), Medicare coverage details, home addresses, provider and diagnosis codes, services received, and plan premium details. CMS has deactivated all affected accounts and is mailing new Medicare cards to the estimated 103,000 individuals affected. No confirmed identity theft cases have been reported yet.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
SEPTEMBER 2024
778
Vulnerability
09 Sep 2024 • CMMS
Centers for Medicare & Medicaid Services (CMS)
CMS and WPS Data Breach via MOVEit Software Vulnerability
772
CRITICAL-6
CEN001040525
CMS and WPS are notifying individuals of a security incident that resulted from a vulnerability in MOVEit software, leading to potential unauthorized access to personal information. This incident has potentially compromised PII of Medicare beneficiaries, impacting Medicare claims management and healthcare provider CMS audits. Approximately 946,801 people with Medicare are being affected with notifications being dispatched.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JUNE 2023
778
Vulnerability
16 Jun 2023 • CMMS
Centers for Medicare & Medicaid Services (CMS)
CMS Medicare Data Breach
772
CRITICAL-6
CEN001033025
On September 6, CMS announced a data breach notification stemming from a security vulnerability in MOVEit, a file transfer application by Progress Software, used by the contractor WPS. This breach potentially affected the sensitive data of around 946,801 Medicare beneficiaries, compromising personal information collected for Medicare claims management and supporting CMS healthcare provider audits. The data may include PII of both Medicare beneficiaries and non-beneficiaries. The breach was detected between May 27 and 31, 2023, with CMS being notified on July 8. Affected individuals are being contacted via mail.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JUNE 2023
789
Vulnerability
31 May 2023 • CMMS
Centers for Medicare & Medicaid Services (CMS)
CMS and WPS Data Breach
778
CRITICAL-11
CEN000091524
CMS, in collaboration with its contractor WPS, is addressing a breach where private health information may have been exposed due to a vulnerability in MOVEit software used for Medicare administrative tasks. The incident exposed personal data of Medicare beneficiaries and additional PII for CMS audits. The breach, discovered between May 27 and May 31, 2023, affected approximately 946,801 individuals, leading to notifications being sent to those impacted.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for CMMS ??
What was CMMS's A.I Rankiteo Cyber Score in June 2026 ??
What was CMMS's A.I Rankiteo Cyber Score in May 2026 ??
What was CMMS's A.I Rankiteo Cyber Score in April 2026 ??
What was CMMS's A.I Rankiteo Cyber Score in March 2026 ??
What was CMMS's A.I Rankiteo Cyber Score in February 2026 ??
What was CMMS's A.I Rankiteo Cyber Score in January 2026 ??
What was CMMS's A.I Rankiteo Cyber Score in December 2025 ??
What was CMMS's A.I Rankiteo Cyber Score in November 2025 ??
What was CMMS's A.I Rankiteo Cyber Score in October 2025 ??
What was CMMS's A.I Rankiteo Cyber Score in September 2025 ??
What was CMMS's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on CMMS's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with CMMS ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view CMMS's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?