
Medicare & Medicaid Services (CMS) Third-Party Breach (May 2023)

📅 2023-05-01 🏢 Palmetto GBA

Incident Details

Mailing Error at CMS Vendor Affects 10,000 Medicare Beneficiaries.

The Centers for Medicare & Medicaid Services (CMS) has started notifying certain Medicaid beneficiaries about an impermissible disclosure of some of

A mailing error at a CMS vendor has resulted in the impermissible disclosure of the PHI of 10,000 Medicare beneficiaries. UHS of Delaware and Northeast Behavioral Health Care Consortium have confirmed patient data has been exposed in phishing attacks.

Third-party company: Palmetto GBA.

Technical Details

Initial Attack Vector: Compromise of third-party service provider / vendor relationship
Vendor / Product: Palmetto GBA
Supply Chain Attack: ✅ Confirmed third-party / vendor compromise

Timeline

  1. 2023-05-01 Breach occurred
  2. 2023-04-27 Publicly disclosed