Hack on ACA sign-up portal jeopardizes 75K records

Hackers who targeted an Affordable Care Act sign-up portal accessed the files of about 75,000 consumers, CMS has confirmed.

CMS began an investigation into "suspicious activity" in the federally facilitated exchanges' direct enrollment pathway for agents and brokers on Oct. 13 and declared a breach on Oct. 16. The direct enrollment pathway allows agents and brokers to assist consumers in enrolling for healthcare coverage through the federally facilitated exchanges, established under the Affordable Care Act.

CMS, which is still in the beginning stages of assessing the breach, has deactivated the agent and broker accounts associated with the hack and disabled the entire direct enrollment pathway. The agency said it plans to restore the portal by Oct. 26 with additional security measures.

In its Oct. 19 statement, CMS emphasized it only disabled the direct enrollment pathway for agents and brokers. Other enrollment channels, such as HealthCare.gov and the Marketplace call center, were not affected in the hack and remain operational.

"I want to make clear to the public that ... open enrollment will not be negatively impacted," CMS Administrator Seema Verma said.

CMS did not specify the types of personal information that were exposed in the hack.

The agency said 75,000 consumers is a "small fraction of consumer records present on the FFE," adding that "any breach of our system is unacceptable."

CMS said it is continuing to investigate to identify all individuals affected by the breach and plans to provide those consumers with security services, such as credit protection.

More articles on cybersecurity:
HHS updates security risk assessment tool
HITRUST rolls out program to help startups with privacy, security
FDA signs agreement with Homeland Security to improve medical device security

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months