Healthcare.gov breach compromised immigration, tax information

CMS has revealed more details about the hack on an Affordable Care Act sign-up portal involving about 75,000 consumers in mid-October, according to TechCrunch.

Hackers reportedly obtained access to several brokers' and agents' Healthcare.gov accounts and "engaged in excessive searching" of the marketplace systems. Brokers and agents are granted a direct enrollment pathway to assist consumers in enrolling for healthcare coverage through the federally facilitated exchanges. CMS didn't disclose how the hackers gained access to the accounts, but said the affected accounts were immediately shut down.

According to a letter CMS sent to affected individuals dated Nov. 7, compromised data included:

  • Name, date of birth, address, sex and the last four digits of their Social Security number, if SSN was provided on the application;
  • Information included on the application, including expected income, tax filing status, family relationships, citizenship status, immigration document types and numbers, employer name, whether the applicant was pregnant and whether the applicant already had health insurance;
  • Information provided by other federal agencies and data sources to confirm the information provided on the application, and whether the marketplace requested the applicant provide additional documents or explanations;
  • The results of the application, including whether the applicant was eligible to enroll in a qualified health plan, and, if eligible, the tax credit amount; and
  • If the applicant enrolled, the name of the insurance plan, the premium and dates of coverage.

Although CMS first noted the breach affected 75,000 individuals, a person familiar with the investigation told TechCrunch the count is expected to change. The stolen files also included data on children.

Healthcare.gov is the online marketplace that Americans use to enroll in health insurance plans under the Affordable Care Act. In 2018, about  11.8 million people used the website to sign up for coverage, TechCrunch said.

A spokesperson told the publication that CMS is expected to issue an update on the data breach later this week.

More articles on cybersecurity:

5 security frameworks hospitals are adopting
SamSam ransomware continues to wreak havoc on healthcare, report finds
1 in 3 ransomware attacks target healthcare companies, report suggests

© Copyright ASC COMMUNICATIONS 2018. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months