Sensitive information belonging to roughly 75,000 individuals was exposed after a government healthcare sign-up system got hacked, the Centers for Medicare & Medicaid Services (CMS) said on Friday.
The agency said that “anomalous system activity” was detected last week in the Direct Enrollment system, which Americans use to enroll in healthcare plans via the insurance exchange established under the Affordable Care Act—also known as Obamacare.
A breach was declared on Wednesday. It’s unclear why the agency, a division of the U.S. Department of Health and Human Services, chose to not announce the incident sooner.
Officials said the hacked portal is used by insurance agents and brokers to help Americans sign up for coverage and that no other systems were involved. The affected system has been disabled. CMS said it hoped to restore it before the end of next week.
The accounts linked to the suspicious activity have also been deactivated.
“I want to make clear to the public that HealthCare.gov and the Marketplace Call Center are still available, and open enrollment will not be negatively impacted,” CMS Administrator Seema Verma said in a statement. “We are working to identify the individuals potentially impacted as quickly as possible so that we can notify them and provide resources such as credit protection.”
The agency did not supply any additional details regarding the types of personal information exposed, though insurance applicants are typically asked to provide sensitive details, such as Social Security numbers. A request for comment was not immediately answered.
“It is important to note that CMS is in the beginning stages of the assessment of this breach,” CMS said. “This is an evolving situation and we will continue to provide additional information.”
This is a developing story.