Medicare officials said 254,000 beneficiaries may have had identifying information exposed in a ransomware attack that occurred in October.