The government’s sign-up system for healthcare plans fell victim to a data breach, affecting the sensitive information of some 75,000 individuals, confirmed a press release from The Centers for Medicare and Medicaid Services on Friday.
The tool is used by insurance agents and brokers that help US citizens sign up for insurance plans, so naturally they request a lot of personal information such as names, addresses and Social Security Numbers. CMS says “a small fraction of consumer records” were accessed, but gave no information regarding the type of data compromised or how the breach exactly occurred.
After “anomalous system activity” was detected in the Federally Facilitated Exchanges’ Direct Enrollment, the pathway was shut down and suspicious agent and broker accounts were deactivated.
“I want to make clear to the public that HealthCare.gov and the Marketplace Call Center are still available, and open enrollment will not be negatively impacted,” CMS Administrator Seema Verma said in the press release. “We are working to identify the individuals potentially impacted as quickly as possible so that we can notify them and provide resources such as credit protection.”
The breach was detected on October 13 and publicly announced on October 16. CMS immediately reported the incident to federal law enforcement and followed standard procedure to protect the security of customer data and contain the incident. Affected customers will receive assistance and, to prevent similar situations in the future, CMS commits to increasing security measures.