Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Centers for Medicare & Medicaid Services

Centers for Medicare & Medicaid Services Vendor Cyber Rating & Cyber Score

cms.gov

The Centers for Medicare & Medicaid Services (CMS), a federal agency within the U.S. Department of Health and Human Services, is one of the largest purchasers of health care in the world. Medicare, Medicaid, the Children's Health Insurance Program (CHIP) and the Health Insurance Marketplace provide coverage for more than 160 million Americans. The United States Government does not discriminate in employment on the basis of race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service, or other non-merit factor. Federal agencies must


CMMS A.I CyberSecurity Scoring

CMMS
Company Information
Website:http://www.cms.gov
Employees number:6,114
Number of followers:629,033
NAICS:92
Industry Type:Government Administration
Homepage:cms.gov
CMMS Risk Score (AI oriented)
Between 0 and 549
logo
CMMSGovernment Administration
Updated:
23/06/2026
524/1000
Critical
C
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
CMMS Global Score (TPRM)
xxxx
logo
CMMSGovernment Administration
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

CMMS
CMMSCritical
Current Score
524C (CRITICAL)
01000
7 incidents
-99.5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
528Before Incident
JUNE 2026
605Before Incident
Breach
22 Jun 2026CMMS
Medicare, AARP Alabama and Alabama Department of Senior Services: Fake Medicare cards are showing up in Alabama mailboxes: How to spot the scam

Scammers Exploit Medicare Data Breach with Fake Plastic Cards

524After Incident
CRITICAL-81
CENAARADP1782189003
Scammers Exploit Medicare Data Breach with Fake Plastic Cards Following a Medicare data breach earlier this year, 1.3 million beneficiaries are receiving new paper Medicare cards in the mail but scammers are capitalizing on the situation by distributing fake plastic cards designed to steal personal and financial information. The Alabama Department of Senior Services has issued a warning after fraudulent cards began appearing in mailboxes statewide. These counterfeit cards urge recipients to "activate" them, a tactic used to harvest sensitive data. According to Jamie Harding of AARP Alabama, scammers are leveraging awareness of the breach to deceive victims. If activated, the fake cards could expose Social Security numbers, Medicare numbers (enabling fraudulent charges), and even bank account details. Official Medicare cards are always made of paper, never plastic, and require no activation or payment. AARP Alabama reports that scammers have already targeted real individuals, including one of their volunteers. Authorities urge beneficiaries to verify any unexpected cards and report suspicious activity to Medicare (1-800-MEDICARE) or the Alabama Department of Senior Services (1-800-AGE-LINE). Those who may have fallen victim should contact local law enforcement.
INCIDENT DETAILS -
TYPE
Phishing/Scam
MOTIVATION
Financial gain, identity theft
IMPACT
Data Compromised: Social Security numbers, Medicare numbers, bank account detailsBrand Reputation Impact: Negative impact on Medicare's reputationIdentity Theft Risk: HighPayment Information Risk: High
DATA BREACH
Type Of Data Compromised: Personal and financial informationNumber Of Records Exposed: 1.3 million beneficiaries at riskSensitivity Of Data: High (Social Security numbers, Medicare numbers, bank account details)Personally Identifiable Information: Social Security numbers, Medicare numbers
MAY 2026
717Before Incident
Breach
01 May 2026CMMS
Medicare and Centers for Medicare & Medicaid Services: Medicare breach exposes doctors’ data

Medicare Data Breach Exposes Sensitive Physician Information

599After Incident
CRITICAL-118
CEN1777674470
Medicare Data Breach Exposes Sensitive Physician Information A recent breach in Medicare’s systems has compromised sensitive data belonging to healthcare providers across the U.S. The incident, disclosed by federal officials, exposed personally identifiable information (PII) of physicians, including names, National Provider Identifier (NPI) numbers, and in some cases, Social Security numbers. The breach occurred due to a vulnerability in a third-party contractor’s software, which was used to process Medicare claims. While the exact timeline remains under investigation, initial reports suggest unauthorized access may have persisted for several months before detection. The Centers for Medicare & Medicaid Services (CMS) confirmed the exposure but has not disclosed the total number of affected providers. The incident raises concerns about the security of third-party vendors handling sensitive healthcare data, as well as the potential for identity theft and fraud targeting medical professionals. CMS has stated it is working with law enforcement and cybersecurity experts to mitigate risks and notify impacted individuals. No evidence of misuse has been reported at this time, but the breach underscores ongoing vulnerabilities in healthcare data protection.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Data Compromised: Personally identifiable information (PII) of physicians, including names, National Provider Identifier (NPI) numbers, and Social Security numbersSystems Affected: Medicare claims processing systemBrand Reputation Impact: Raises concerns about healthcare data protectionIdentity Theft Risk: Potential for identity theft and fraud targeting medical professionals
DATA BREACH
Type Of Data Compromised: Personally identifiable information (PII)Sensitivity Of Data: High (Social Security numbers, NPI numbers)Personally Identifiable Information: Names, National Provider Identifier (NPI) numbers, Social Security numbers
Breach
01 May 2026CMMS
Centers for Medicare and Medicaid Services: Error in Medicare database exposes US healthcare providers Social Security numbers – Trump administration directory designed to modernize Medicare encounters another setback

Medicare Provider Database Exposes Social Security Numbers in Public Leak

599After Incident
CRITICAL-118
CEN1777710361
Medicare Provider Database Exposes Social Security Numbers in Public Leak A publicly accessible database used to populate a Medicare provider directory inadvertently exposed the Social Security numbers (SSNs) of U.S. healthcare providers. The directory, launched by the Centers for Medicare and Medicaid Services (CMS) as part of the Trump administration’s efforts to modernize Medicare, was designed to help seniors locate compatible doctors and medical providers. The Washington Post discovered the exposure after downloading and reviewing the database, which was made available under CMS’s data transparency initiatives. CMS acknowledged that SSNs were mistakenly included due to incorrect data entries by providers or their representatives. The agency stated it had taken steps to address the issue and strengthen data validation protocols but did not disclose how many SSNs were exposed or whether affected providers had been notified. The database was removed after the Post alerted health officials. One physician, speaking anonymously, expressed confusion over how Medicare officials obtained their SSN. The incident adds to prior criticisms of the modernization effort, which has faced issues such as mismatched insurance coverage. In November, Senators Jeff Merkley (D-Oregon) and Ron Wyden (D-Oregon) raised concerns in a letter to CMS, warning that rushed implementation could mislead seniors and result in unexpected medical bills.
INCIDENT DETAILS -
TYPE
Data Exposure
IMPACT
Data Compromised: Social Security numbers (SSNs)Systems Affected: Medicare provider directory databaseBrand Reputation Impact: Potential reputational damage to CMSIdentity Theft Risk: High
DATA BREACH
Type Of Data Compromised: Personally Identifiable Information (PII)Sensitivity Of Data: High (SSNs)Personally Identifiable Information: Social Security numbers (SSNs)
APRIL 2026
717Before Incident
MARCH 2026
715Before Incident
FEBRUARY 2026
714Before Incident
JANUARY 2026
713Before Incident
DECEMBER 2025
711Before Incident
NOVEMBER 2025
710Before Incident
OCTOBER 2025
708Before Incident
SEPTEMBER 2025
707Before Incident
AUGUST 2025
705Before Incident
JUNE 2025
775Before Incident
Breach
01 Jun 2025CMMS
Centers for Medicare & Medicaid Services (CMS)

Medicare Data Breach

700After Incident
CRITICAL-75
CEN821071225
In June, two major breaches compromised over 13 million patient records. Now, a newly confirmed Medicare data breach has affected more than 100,000 Americans. Hackers accessed sensitive data linked to Medicare.gov accounts, including full names, dates of birth, ZIP codes, Medicare Beneficiary Identifiers (MBIs), Medicare coverage details, home addresses, provider and diagnosis codes, services received, and plan premium details. CMS has deactivated all affected accounts and is mailing new Medicare cards to the estimated 103,000 individuals affected. No confirmed identity theft cases have been reported yet.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Data Theft
IMPACT
Full namesDates of birthZIP codesMedicare Beneficiary Identifiers (MBIs)Medicare coverage detailsHome addressesProvider and diagnosis codesServices receivedPlan premium detailsMedicare.gov AccountsHigh
DATA BREACH
Personal InformationMedical InformationNumber Of Records Exposed: 103,000HighFull namesDates of birthZIP codesMedicare Beneficiary Identifiers (MBIs)Medicare coverage detailsHome addressesProvider and diagnosis codesServices receivedPlan premium details
SEPTEMBER 2024
778Before Incident
Vulnerability
09 Sep 2024CMMS
Centers for Medicare & Medicaid Services (CMS)

CMS and WPS Data Breach via MOVEit Software Vulnerability

772After Incident
CRITICAL-6
CEN001040525
CMS and WPS are notifying individuals of a security incident that resulted from a vulnerability in MOVEit software, leading to potential unauthorized access to personal information. This incident has potentially compromised PII of Medicare beneficiaries, impacting Medicare claims management and healthcare provider CMS audits. Approximately 946,801 people with Medicare are being affected with notifications being dispatched.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Unauthorized access to personal information
IMPACT
Data Compromised: Personal Information, Medicare claims dataSystems Affected: MOVEit softwareOperational Impact: Impact on Medicare claims management and healthcare provider CMS audits
DATA BREACH
Type Of Data Compromised: Personal InformationSensitivity Of Data: HighPersonally Identifiable Information: Yes
JUNE 2023
778Before Incident
Vulnerability
16 Jun 2023CMMS
Centers for Medicare & Medicaid Services (CMS)

CMS Medicare Data Breach

772After Incident
CRITICAL-6
CEN001033025
On September 6, CMS announced a data breach notification stemming from a security vulnerability in MOVEit, a file transfer application by Progress Software, used by the contractor WPS. This breach potentially affected the sensitive data of around 946,801 Medicare beneficiaries, compromising personal information collected for Medicare claims management and supporting CMS healthcare provider audits. The data may include PII of both Medicare beneficiaries and non-beneficiaries. The breach was detected between May 27 and 31, 2023, with CMS being notified on July 8. Affected individuals are being contacted via mail.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Data Compromised: Personal Information
DATA BREACH
Type Of Data Compromised: PII of Medicare beneficiaries and non-beneficiariesNumber Of Records Exposed: 946,801Sensitivity Of Data: High
JUNE 2023
789Before Incident
Vulnerability
31 May 2023CMMS
Centers for Medicare & Medicaid Services (CMS)

CMS and WPS Data Breach

778After Incident
CRITICAL-11
CEN000091524
CMS, in collaboration with its contractor WPS, is addressing a breach where private health information may have been exposed due to a vulnerability in MOVEit software used for Medicare administrative tasks. The incident exposed personal data of Medicare beneficiaries and additional PII for CMS audits. The breach, discovered between May 27 and May 31, 2023, affected approximately 946,801 individuals, leading to notifications being sent to those impacted.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Personal data of Medicare beneficiariesPII for CMS auditsSystems Affected: MOVEit software
DATA BREACH
Personal data of Medicare beneficiariesPII for CMS auditsSensitivity Of Data: High

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for CMMS ?
?
What was CMMS's A.I Rankiteo Cyber Score in June 2026 ?
?
What was CMMS's A.I Rankiteo Cyber Score in May 2026 ?
?
What was CMMS's A.I Rankiteo Cyber Score in April 2026 ?
?
What was CMMS's A.I Rankiteo Cyber Score in March 2026 ?
?
What was CMMS's A.I Rankiteo Cyber Score in February 2026 ?
?
What was CMMS's A.I Rankiteo Cyber Score in January 2026 ?
?
What was CMMS's A.I Rankiteo Cyber Score in December 2025 ?
?
What was CMMS's A.I Rankiteo Cyber Score in November 2025 ?
?
What was CMMS's A.I Rankiteo Cyber Score in October 2025 ?
?
What was CMMS's A.I Rankiteo Cyber Score in September 2025 ?
?
What was CMMS's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on CMMS's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with CMMS ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view CMMS's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?