HealthCare.gov system hack leaves 75,000 individuals exposed

The Centers for Medicare and Medicaid Services (CMS) experienced a data breach that exposed highly sensitive personal data of nearly 75,000 people. The breached system is a government system linked with HealthCare.gov that assists insurance agents and brokers in helping people register for its healthcare plans.

A hack was detected earlier this month in a government computer system that works alongside HealthCare.gov, exposing the personal information of approximately 75,000 people, according to the agency in charge of the portal.

The Centers for Medicare and Medicaid Services made the announcement late in the afternoon ahead of a weekend, a time slot that agencies often use to release unfavorable developments.

CMS made the announcement late Friday to confirm the data breach, but details about the stolen data and content have not yet been provided. It is, however, confirmed that the personal files of 75,000 people have been exposed to hackers.

The brokers and agents use the Federally Facilitated Exchange’s Direct Enrollment pathway to convince customers to enroll in health insurance. The pathway was compromised by the attackers between 13 Oct and 16 Oct 2018, confirmed CMS.

The hacked system was connected to the HealthCare.gov website, the front-facing portal for anyone signing up for an insurance plan under former President Obama’s healthcare law, the Affordable Care Act. Hackers targeted the behind-the-scenes system that insurance agents used to help customers directly enroll in new plans, and not the consumer HealthCare.gov site itself.

In order to sign up for healthcare plans, customers have to give over a ton of personal data, including names, addresses, and their Social Security numbers. CMS didn’t say exactly what kind of data was included in the stolen files, nor did it say how the breach happened.

About 10 million people currently have private coverage under former President Barack Obama’s health care law.

Consumers applying for subsidized coverage have to provide extensive personal information, including Social Security numbers, income and citizenship or legal immigration status.

The system that was hacked is used by insurance agents and brokers to directly enroll customers. All other signup systems are working.

CMS spokesman Johnathan Monroe said “nothing happened” to the HealthCare.gov website used by the general public. “This concerns the agent and broker portal, which is not accessible to the general public,” he said.

Federal law enforcement has been alerted and affected customers will be notified and offered credit protection.