CMS brought an ACA sign-up portal back online Oct. 26 after confirming hackers had accessed the files of about 75,000 consumers earlier this month.
The agency began an investigation into "suspicious activity" in the federally facilitated exchanges' direct enrollment pathway for agents and brokers on Oct. 13 and declared a breach on Oct. 16. The direct enrollment pathway allows agents and brokers to assist consumers in enrolling for healthcare coverage through the federally facilitated exchanges, established under the ACA.
CMS released a public statement about the breach Oct. 19, stating the agency had deactivated the agent and broker accounts associated with the hack and disabled the entire direct enrollment pathway. In an Oct. 26 email, CMS said it had worked with the HHS CIO and the HHS Office of Inspector General during the past week to restore the portal with additional security measures.
As of Oct. 26, all of the agency's enrollment channels are operational, including the direct enrollment pathway for agents and brokers, HealthCare.gov, and the Marketplace call center.
CMS added that although it is still in the midst of its investigation, it can confirm no banking, federal tax information or protected health information was exposed during the breach. The agency said it plans to notify affected consumers and offer them free credit protection, identity monitoring, identity theft insurance and identity restoration services after completing its assessment.