HealthCare.gov Portal Suffers Data Breach Exposing 75,000 Consumers

Photo: AP

Sensitive information belonging to roughly 75,000 individuals was exposed after a government healthcare sign-up system got hacked, the Centers for Medicare & Medicaid Services (CMS) said on Friday.

The agency said that “anomalous system activity” was detected last week in the Direct Enrollment system, which Americans use to enroll in healthcare plans via the insurance exchange established under the Affordable Care Act—also known as Obamacare.

Advertisement

A breach was declared on Wednesday. It’s unclear why the agency, a division of the U.S. Department of Health and Human Services, chose to not announce the incident sooner.

Officials said the hacked portal is used by insurance agents and brokers to help Americans sign up for coverage and that no other systems were involved. The affected system has been disabled. CMS said it hoped to restore it before the end of next week.

The accounts linked to the suspicious activity have also been deactivated.

“I want to make clear to the public that HealthCare.gov and the Marketplace Call Center are still available, and open enrollment will not be negatively impacted,” CMS Administrator Seema Verma said in a statement. “We are working to identify the individuals potentially impacted as quickly as possible so that we can notify them and provide resources such as credit protection.”

Advertisement

The agency did not supply any additional details regarding the types of personal information exposed, though insurance applicants are typically asked to provide sensitive details, such as Social Security numbers. A request for comment was not immediately answered.

“It is important to note that CMS is in the beginning stages of the assessment of this breach,” CMS said. “This is an evolving situation and we will continue to provide additional information.”

Advertisement

This is a developing story.

Share This Story

About the author

Dell Cameron

Privacy, security, tech policy | Got a tip? Email: dell@gizmodo.com | Send me encrypted texts using Signal: (202)556-0846

EmailTwitterPosts
PGP Fingerprint: A70D 517E FB9A 02C9 C56E 86D5 877E 64E7 10DF A8AEPGP Key
OTR Fingerprint: 2374A8EA 6D2B7712 0D82D659 C0FE8253 A3F080FD