On March 20, House Oversight Committee Chair James Comer (R-KY) and House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-WA) announced they would investigate Centers for Medicare & Medicaid Services (CMS) for its response to a data breach of a subcontractor in October 2022 that put the personal data of more than 250,000 Medicare beneficiaries at risk.  

In a letter to CMS, the lawmakers noted it took two months to determine that the attack was a “major incident” before alerting Congress. According to a CMS spokesperson, CMS will respond to the letter directly, but pointed to a CMS press release issued in December that outlined the agency’s next steps—which included notifying beneficiaries of the breach, and supplying them with an updated Medicare Beneficiary Identifier and credit monitoring services free of charge.