On Friday, the Centers For Medicare and Medicaid Services (CMS) announced a data breach at a computer system which interacts with the Healthcare.gov site. Files for about 75,000 users -- agents and brokers -- were accessed by unauthorized persons. The announcement stated:
"Earlier this week, CMS staff detected anomalous activity in the Federally Facilitated Exchanges, or FFE’s Direct Enrollment pathway for agents and brokers. The Direct Enrollment pathway, first launched in 2013, allows agents and brokers to assist consumers with applications for coverage in the FFE... CMS began the initial investigation of anomalous system activity in the Direct Enrollment pathway for agents and brokers on October 13, 2018 and a breach was declared on October 16, 2018. The agent and broker accounts that were associated with the anomalous activity were deactivated, and – out of an abundance of caution – the Direct Enrollment pathway for agents and brokers was disabled."
CMS has notified and is working with Federal law enforcement. It expects to restore the Direct Enrollment pathway for agents and brokers within the next 7 days, before the start of the sign-up period on November 1st for health care coverage under the Affordable Care Act.
CMS Administrator Seema Verma said:
"I want to make clear to the public that HealthCare.gov and the Marketplace Call Center are still available, and open enrollment will not be negatively impacted. We are working to identify the individuals potentially impacted as quickly as possible so that we can notify them and provide resources such as credit protection."
Sadly, data breaches happen -- all too often within government agencies and corporations. It should be noted that this breach was detected quickly -- within 3 days. Other data breaches have gone undetected for weeks or months; and too many corporate data breaches affected millions.