The government’s sign-up system for healthcare plans fell victim to a data breach, affecting the sensitive information of some 75,000 individuals, confirmed a press release from The Centers for Medicare and Medicaid Services on Friday.
The tool is used by insurance agents and brokers that help US citizens sign up for insurance plans, so naturally they request a lot of personal information such as names, addresses and Social Security Numbers. CMS says “a small fraction of consumer records” were accessed, but gave no information regarding the type of data compromised or how the breach exactly occurred.
After “anomalous system activity” was detected in the Federally Facilitated Exchanges’ Direct Enrollment, the pathway was shut down and suspicious agent and broker accounts were deactivated.
The breach was detected on October 13 and publicly announced on October 16. CMS immediately reported the incident to federal law enforcement and followed standard procedure to protect the security of customer data and contain the incident. Affected customers will receive assistance and, to prevent similar situations in the future, CMS commits to increasing security measures.