miodrag ignjatovic | E+ | Getty ImagesUp to 254,000 Medicare beneficiaries’ personal information may have been compromised in an online ransomware attack at a government subcontractor, officials warned this week. Letters are being sent to the beneficiaries who were impacted by the potential data breach, said the Centers for Medicare & Medicaid Services. Those affected — who represent less than 0.4% of Medicare’s 64.5 million beneficiaries — will also receive a replacement Medicare card with a new identification number in the next few weeks.” The safeguarding and security of beneficiary information is of the utmost importance to this agency, CMS Administrator Chiquita Brooks-LaSure said in the announcement. More from Personal Finance: Used car prices are down 3.3% from a year ago 63% of Americans living paycheck to paycheck How health insurance is helping cool inflation”We continue to assess the impact of the breach involving the subcontractor, facilitated support to individuals potentially affected by the incident, and will take all necessary actions needed to safeguard the information entrusted to CMS,” Brooks-LaSure said. The personal information that could have been compromised include name, address, date of birth, phone number, Social Security number, Medicare beneficiary identifier, banking information (including routing and account nu mbers) and Medicare entitlement, enrollment and premium information. Free credit-monitoring is also being offered to the impacted individuals; the letters being sent include information on how to sign up for the service. No CMS systems were breached, and no Medicare claims data were involved, according to the announcement. The agency also is not aware of any reports of identity fraud or improper use of the personal information as a direct result of the incident. The subcontractor, Healthcare Management Solutions, experienced the ransomware attack on its corporate network on Oct. 8, according to CMS. The company handles the agency data as part of processing Medicare eligibility and entitlement records, as well as premium payments. CMS was alerted the day after the attack, and on Oct. 18, officials “determined with high confidence that the incident potentially included personally identifiable information and protected health information for some Medicare enrollees,” according to the CMS release. For its part, Healthcare Management Solutions told CNBC that it swiftly acted to take its network offline to contain the cybersecurity incident and an investigation remains ongoing. In a statement, the company said it also regrets “any concern this incident may have caused to our community and will notify individuals affected by legal and contractual obligations.” In the first half of 2022, more than 53 million individuals in the US were affected. by data compromises, according to Statista. In 2021, the three most affected industries were healthcare, financial services and manufacturing.