Healthcare.gov reveals that hackers stole personal and sensitive data

• The sensitive data exposed may include customers’ names, dates, of birth, addresses, gender and the last four digit of the Social Security numbers.
• Officials claim that no financial information was compromised in the breach.

New details have surfaced about a data breach involving the Healthcare.gov portal. The data breach that was first reported on October 19 affected to as many as 75,000 consumers.

In the latest notification letter, the Centers for Medicare and Medicaid Services (CMS) explained that the sensitive data exposed may include customers’ names, dates, of birth, addresses, gender and the last four digit of the Social Security numbers.

“Other information provided on the application, include expected income, tax filing status, family relationships; whether the applicant is a citizen or an immigrant, immigration document types and numbers, employer name; whether the applicant was pregnant, and whether the applicant already had health insurance,” the CMS said in a statement.

However, officials claim that no financial information compromised in the breach. CMS also confirmed that the exposed data did not include any diagnosis or treatment information.

“The information that was accessible did not include bank account numbers, credit card numbers, or diagnosis or treatment information,” the firm said in a notification letter to the affected customers.

The CMS is still investigating the matter and has found that the customers who are listed on marketplace applications were the ones primarily affected. It was also discovered that a couple of agents and brokers engaged in excessive searching had accessed the personal information of these customers.

The organization is yet to determine whether any information was actually misused by hackers. However, since the breach involves the compromise of sensitive personal information, Healthcare.gov fears that identity theft attacks may be a real risk.

As a part of security measure, the firm has implemented additional security measures to protect the data of consumers. It also notified the all the affected customers about the breach. In addition, it is providing free identity protection services to the affected customers for a year.