Hackers have infiltrated a government platform used by brokers and insurance agents to help customers gain healthcare plans, stealing the sensitive and personal data of some 75,000 individuals.
In a late Friday announcement, the Centers for Medicare and Medicaid Services confirmed that the hacked system was connected to the Healthcare.gov website, the same portal used by U.S. citizens to sign up for the insurance plan under the Affordable Care Act introduced by the Obama administration. Specifically, hackers targeted the backend system, dubbed the Direct Enrollment pathway, used by insurance agents to enrol new customers, not the website itself.
A customer typically reveals personal data including names, addresses and social security numbers, although the CMS didn’t reveal any details about the contents of files nor how the breach occurred.
CMS administrator Seema Verma stated:
“Our number one priority is the safety and security of the Americans we serve. We will continue to work around the clock to help those potentially impacted and ensure the protection of consumer information.
The ‘anomalous system activity’ was first investigated by the CMS on October 13 and a breach was confirmed three days later. Broker and agent accounts associated with the suspicious activity was deactivated and the entire platform was disabled ‘out of an abundance of caution’, according to the administrator.
“We are working to address the issue, implement additional security measures, and restore the Direct Enrollment pathway for agents and brokers within the next 7 days,” she added.
As things stand, other FFE enrolment channels including the Marketplace Call Center and HealthCare.gov remain operational.
The CMS is investigating the incident and has contacted federal law enforcement to notify them of the customer data breach.
Image credit: Pexels.