- Hackers gained access to the HealthCare.gov’s sign-up system to steal users’ sensitive data.
- Agent and broker accounts on the FFE have been temporarily deactivated.
A data breach at HealthCare.gov has resulted in exposing the data of roughly 75,000 people. The breach was confirmed by the Centers for Medicare & Medicaid Services (CMS) staff members on October 16.
According to a press release, the hackers gained access to the HealthCare.gov’s sign-up system, called the Federally Facilitated Exchange (FFE). The system is managed by the CMS staff and is used by the HealthCare insurance agents and brokers to enroll users into Obamacare plans.
Detecting the breach
The CMS stated that it detected some suspicious activity on the FEE system on October 13, following which, they initiated an investigation. They also deactivated agent and broker accounts as a precautionary measure.
“CMS began the initial investigation of anomalous system activity in the Direct Enrollment pathway for agents and brokers on October 13, 2018, and a breach was declared on October 16, 2018. The agent and broker accounts that were associated with the anomalous activity were deactivated, and – out of an abundance of caution – the Direct Enrollment pathway for agents and brokers was disabled,” the CMS said in a statement.
Although the healthcare organization is yet to reveal what kind of data was stolen in the breach, the government agency has confirmed that they are planning to implement additional security measures and restore the FFE direct enrollment for agents and brokers within the next seven days.
The CMS said that it has notified Federal law enforcement agencies about the breach and is actively working towards protecting the potentially affected customers.
“Upon verification of the breach, CMS took immediate steps to secure the system and consumer information, further investigate the incident, and subsequently notify Federal law enforcement. We are actively engaged in and committed to helping those potentially impacted as well as ensuring the protection of consumer information,” CMS clarified.