Breach detected after odd activity in FFE portal was noticed

Oct 22, 2018 11:26 GMT

On October 19, the U.S. Centers for Medicare & Medicaid Services (CMS) disclosed a HealthCare.gov data breach that allowed hackers to steal the private information of around 75,000 individuals.

Although the CMS advisory does not disclose the type of data stolen in the incident, there is a high probability that both personally identifiable information (PII) and protected health information (PHI) were exposed in the attack.

According to the report, the breach was detected after CMS staff noticed, on October 13, unusual activity in the Federally Facilitated Exchanges' (FFE) Direct Enrollment pathway, a system that allows healthcare insurance brokers and agents to enroll Obamacare users.

CMS Administrator Seema Verma said, "Our number one priority is the safety and security of the Americans we serve. We will continue to work around the clock to help those potentially impacted and ensure the protection of consumer information."

The affected Direct Enrollment tool was disabled, and all accounts used during the data breach were disabled 

"I want to make clear to the public that HealthCare.gov and the Marketplace Call Center are still available, and open enrollment will not be negatively impacted. We are working to identify the individuals potentially impacted as quickly as possible so that we can notify them and provide resources such as credit protection," Verma also said.

Furthermore, CMS notified federal law enforcement agencies about the incident immediately after its discovery, started an internal investigation, and took a number of extra measures to further protect consumer and system information from future attacks.

Moreover, all broker and agent accounts that were found to be used during the anomalous activity window were disabled, and the Direct Enrollment pathway was deactivated with the possibility of reactivation during the next seven days.

"The tool through which the breach occurred is only available through the currently-disabled Direct Enrollment pathway for agents and brokers. As a result, the remaining FFE enrollment channels, including HealthCare.gov and the Marketplace Call Center, remain operational," says CMS's disclosure notice.