Web Analytics

Your Medical Records are NOT Safe Anymore

Medicare, Medicare News / By

Your Medical Records Are NOT Safe Anymore!

Imagine waking up one day to discover that your entire medical history, every diagnosis, your medications, and even your Social Security number have been stolen—and then finding out that all this sensitive information is available for sale on the dark web. This isn’t a nightmare scenario; it became a grim reality for nearly 190 million Americans after the 2024 Change Healthcare data breach, the largest healthcare data breach in U.S. history.

As someone deeply involved in Medicare education and advocacy, I want to share the latest developments, what they mean for you, and, most importantly, what you can do to protect yourself. The Centers for Medicare & Medicaid Services (CMS) recently announced an ambitious new digital health ecosystem that promises to modernize how your Medicare data is stored, shared, and used. But with big tech giants like Google, Amazon, and OpenAI (the creators of ChatGPT), and healthcare behemoths like United Healthcare involved, there are serious privacy and security concerns, especially given the recent history of data breaches and misuse.

Let’s unpack what’s happening, why it matters, and how you can safeguard your personal and medical information in this rapidly changing landscape.

Table of Contents

The Largest Healthcare Data Breach in U.S. History: A Wake-Up Call

In 2024, Change Healthcare—owned by UnitedHealthcare—suffered a massive ransomware attack that compromised the personal data of 190 million Americans. This breach disrupted pharmacies nationwide, delayed medical care, and cost hospitals and clinics billions of dollars. The hackers accessed sensitive data, including medical records and Social Security numbers, and posted some of it on the dark web.

Dark web data breach notification

This incident exposed how fragile our healthcare data system is. The American Hospital Association described it as "the most significant and consequential cyberattack on the US healthcare system in American history." As a result, many clinics faced cash flow problems because billing systems were locked down, leaving medical providers unable to get paid and patients unable to fill prescriptions.

Dr. Christine Meyer, a physician affected by the breach, described the crisis as a personal nightmare. Typically, her practice receives tens of thousands of dollars in daily deposits, but during the breach, those deposits dropped to just $77. She worried not just about payroll but about patient care—patients missing routine checkups, medication refills, and more, which could lead to unnecessary emergency room visits.

Physician discussing financial impact of data breach

How Did This Happen?

The hackers gained access through stolen login credentials and exploited the lack of multi-factor authentication. The breach went unnoticed for weeks, highlighting weak security controls and over-reliance on third-party vendors. In fact, many breaches occur due to human error—61% are caused by employee negligence or insider actions, such as clicking on phishing emails or poor contractor oversight.

This breach is a stark warning about the vulnerabilities in our healthcare data infrastructure—and it’s happening just as CMS is preparing to hand over even more control of your medical records to private companies.

CMS’s New Digital Health Ecosystem: What’s Changing?

On July 30, 2025, CMS, under the leadership of Administrator Dr. Oz, unveiled a “next-generation digital health ecosystem.” This system aims to replace paper intake forms and fragmented medical records with a unified, AI-powered platform that allows instant sharing of your medical records with any doctor or hospital.

This initiative brings together 60 CEOs from primary healthcare, insurance, and technology companies—including United Healthcare, Google, Amazon, Apple, OpenAI, and Anthropic—who voluntarily agreed to share patient data under industry-wide electronic medical record standards. The goal is to empower Americans with a modern, streamlined healthcare experience that saves time, money, and lives.

President Trump reportedly instructed CMS to make this happen within six months, and thanks to the cooperation of corporate leaders, CMS expects every American to be using this system soon.

But Here’s the Catch: The Public Was Left Out

Many people don’t realize this wasn’t a sudden announcement. Back in May 2025, CMS quietly published a request for information (RFI) in the Federal Register asking for public comments about expanding access to medical records and involving private tech vendors in handling the data. However, the public comment period closed on June 16, well before the July 30 press conference, and few people even knew about it.

While CMS and prominent tech insiders prepared for this rollout, the average American had no idea what was coming. This lack of transparency raises serious questions about consent, privacy protections, and whether the public’s concerns are being adequately addressed.

Why Should Seniors Be Concerned?

Seniors, especially those on Medicare, are particularly vulnerable in this new data-sharing ecosystem for several reasons:

  • History of Data Breaches: United Healthcare, whose subsidiary Change Healthcare was at the center of the 2024 breach, is now a key player in this new system.
  • Exposure to Fraud: Seniors are prime targets for identity theft and fraud. With detailed Medicare records—including Social Security numbers, medical conditions, prescriptions, and doctor notes—exposed, the risk of fraud increases exponentially.
  • AI and Privacy Risks: CMS is partnering with AI giants like OpenAI and Google. While AI can improve healthcare outcomes, it also introduces risks. Will your Medicare data be used to train AI systems? Can you opt out? What happens if hackers breach these AI companies?

These are not hypothetical concerns. The Change Healthcare breach disrupted care for months, and this new system connects every Medicare record to a network of private companies, cloud platforms, and AI tools, creating a larger attack surface for hackers.

Medicare Records Are Valuable—And Risky

On the dark web, Medicare records are worth 10 times more than stolen credit cards. That’s because medical records contain detailed personal information that’s harder to change or recover from once compromised. This level of exposure can lead to long-term identity theft, fraudulent medical claims, and other serious consequences.

United Healthcare’s Troubling Role

United Healthcare, through its OPTUM subsidiary, already holds one of the largest collections of claims data in the country. They have faced lawsuits accusing them of using sensitive patient data to target customers for additional products. This history raises red flags about whether patient privacy is truly a priority.

Despite this, CMS is giving UnitedHealthcare a “front row seat” to design how Medicare data will be handled in the future. This decision has sparked concern among privacy advocates and healthcare professionals alike.

Artificial Intelligence: Promise and Peril

CMS’s partnerships with tech giants like Google, Amazon, Apple, OpenAI, and Anthropic are meant to harness AI’s power to improve patient outcomes. The idea is that unlocking data for AI will help create more innovative, more efficient healthcare tools.

However, AI also introduces new risks:

Free Medicare Insurance Help

Reach out to the Senior Savings Network
Click Here
  • Data Usage: Will your personal Medicare records be used to train AI models? What protections are in place?
  • Opt-Out Options: The system is designed to be opt-in, but how effective is this in practice? Are patients fully informed?
  • Security Vulnerabilities: AI companies are increasingly targeted by hackers. A breach could expose vast amounts of sensitive data.

Moreover, CMS is rolling out AI-driven prior authorization processes through a new demonstration called Wiser, starting in 2026 in six states. Prior authorization—already a frustrating and slow process—could become more opaque and automated, potentially leading to widespread denials of care based on AI algorithms.

Lessons from the Past: The Change Healthcare Breach

The Change Healthcare hack exposed several key vulnerabilities that should be lesson for the future:

  • Third-Party Risks: Hackers found a way in through a third-party vendor responsible for security.
  • Weak Authentication: Stolen login credentials and a lack of multi-factor authentication allowed prolonged access.
  • Delayed Detection: The breach went unnoticed for weeks, amplifying damage.
  • Broad Impact: The breach disrupted pharmacies nationwide, delayed surgeries, and affected patient care for months.

Despite these risks, CMS is moving forward with a system that connects Medicare records to multiple private companies and AI tools, increasing the attack surface and potential for future breaches.

What Can You Do to Protect Your Medicare Data?

While the system changes are largely out of individual control, there are essential steps you can take to protect your Medicare information:

  1. Stay Informed: Understand what data is being collected and shared. Watch for updates from CMS and trusted Medicare information sources like Medicare.gov.
  2. Monitor Your Records: Regularly check your Medicare Summary Notices (MSNs) for suspicious or unauthorized charges.
  3. Use Strong Authentication: Where possible, enable multi-factor authentication on any healthcare portals or accounts.
  4. Be Wary of Phishing: Protect yourself from scams by not clicking on suspicious links or providing personal information unless you verify the source.
  5. Download Our Free Medicare Data Protection Guide: This guide offers detailed tips on spotting fraud, checking if your data was exposed in breaches, and securing your Medicare information. You can download it at seniorsavingsnetwork.org/dataguide.

How to Get Involved and Advocate for Your Privacy

These sweeping changes to Medicare data sharing are happening fast—within six months, CMS expects every American to be part of this digital health ecosystem. But you have a voice, and it’s important to make it heard:

  • Contact your senators and representatives to express your concerns about rushing these changes without adequate privacy protections.
  • Ask for greater transparency and public input before implementing such significant shifts in how your data is handled.
  • Share information with friends and family, especially those approaching Medicare age, so they can be prepared and aware.

Remember, Medicare records are your personal property. You have the right to demand that your data is handled safely, securely, and with respect.

Final Thoughts: Balancing Innovation with Privacy

No doubt, modernizing healthcare with digital records and AI has the potential to improve patient outcomes, reduce paperwork, and save lives. But this progress should never come at the expense of privacy and security.

The 2024 Change Healthcare breach was a wake-up call that our healthcare data system is vulnerable. Entrusting your most sensitive information to companies with a history of breaches and data misuse, while involving AI systems still grappling with ethical and security challenges, raises serious questions.

As CMS moves forward with its digital health ecosystem, patients and seniors must remain vigilant, informed, and empowered to protect their data. The future of healthcare is digital, but it must also be safe.

If you want to take action today, start by downloading the Medicare Data Protection Guide at seniorsavingsnetwork.org/dataguide. Share it with anyone you know who is on Medicare or about to turn 65. And always keep asking questions about how your data is used and protected.

Medicare Data Protection Guide download page

Frequently Asked Questions (FAQ)

Q: What is the CMS Digital Health Ecosystem?

A: It’s a new system launched by CMS to modernize how medical records are shared and accessed. It involves partnerships with major healthcare and tech companies to create a standardized, AI-powered platform for electronic medical records.

Q: Which companies are involved in this new system?

A: The system includes 60 major companies such as United Healthcare, Google, Amazon, Apple, OpenAI (ChatGPT), and Anthropic, among others.

Q: Why is the involvement of United Healthcare concerning?

A: United Healthcare’s subsidiary, Change Healthcare, was responsible for the largest healthcare data breach in U.S. history in 2024, which exposed the data of 190 million Americans. This raises concerns about their ability to protect sensitive data moving forward.

Q: Will my Medicare data be used to train AI systems?

A: CMS has indicated that data will be unlocked to improve AI-driven healthcare tools, but it remains unclear how much personal data will be used and whether patients can opt out fully.

Q: How can I protect my Medicare information?

A: Stay informed, monitor your Medicare statements, use strong authentication, avoid phishing scams, and download resources like the Medicare Data Protection Guide to learn more.

Q: Is there a centralized government database for medical records?

A: CMS states there will be no centralized government-run database. Instead, data will be shared across a network of private companies and cloud platforms.

Q: What can I do if I’m worried about my data privacy?

A: Contact your elected officials to express your concerns, stay vigilant about your personal information, and educate yourself about your rights as a Medicare beneficiary.

Your healthcare data is a precious asset—don’t let it become a liability. Stay informed, stay protected, and advocate for your privacy.

Scroll to Top
Click Here to Call