The Centers for Medicare and Medicaid Services announced Friday (October 19) that a government portal that insurance agents and brokers use to help customers sign up for healthcare was hacked, with the bad guys getting off with the personal data of 75,000 people.
In a press release late Friday, CMS said that earlier in the week staff detected anomalous activity in the Federally Facilitated Exchanges (FFE)’s Direct Enrollment pathway for agents and brokers. The Direct Enrollment pathway, first launched in 2013, allows insurance agents and brokers to assist consumers with applications for coverage in the FFE. CMS said that it believes about 75,000 individuals’ files were accessed via the data breach. The government agency noted that this is a small portion of consumer health records on the system, but that nevertheless the breach is not acceptable.
“Our number one priority is the safety and security of the Americans we serve. We will continue to work around the clock to help those potentially impacted and ensure the protection of consumer information,” said CMS Administrator Seema Verma in a press release announcing the breach. “I want to make clear to the public that HealthCare.gov and the Marketplace Call Center are still available, and open enrollment will not be negatively impacted. We are working to identify the individuals potentially impacted as quickly as possible so that we can notify them and provide resources such as credit protection.”
CMS said that upon verifying the breach it took immediate steps to secure the system and consumer information, further investigate the incident, and subsequently notify federal law enforcement. The government agency said it began the initial investigation into the breach on October 12 and declared it on October 16. The agent and broker accounts associated with the activity were deactivated and the Direct Enrollment pathway for agents and brokers was disabled. It said that was done out of an “abundance of caution.” “We are working to address the issue, implement additional security measures, and restore the Direct Enrollment pathway for agents and brokers within the next 7 days,” it said in the release.