Hackers have breached a HealthCare.gov sign-up system and have gotten their hands on the personal information of roughly 75,000 people, the government said on Friday, October 19.
The system is named Federally Facilitated Exchanges (FFE), and is managed by the Centers for Medicare & Medicaid Services (CMS). Healthcare insurance agents and brokers use the FFE to enroll users into Obamacare plans made available through the official HealthCare.gov portal.
The CMS said that it detected "anomalous system activity" in the FFE on October 13, 2018, last Saturday, and started an immediate investigation.
A breach was confirmed the past week, on Tuesday, October 16.
"The agent and broker accounts that were associated with the anomalous activity were deactivated, and - out of an abundance of caution - the Direct Enrollment pathway for agents and brokers was disabled," the CMS said in a press release.
The government agency says it plans to re-enable FFE direct enrollment for agents and brokers within the next seven days.
US citizens can still enroll for Obamacare health care plans via the HealthCare.gov portal or the Marketplace Call Center.
The FBI has been notified, the CMS said, and the agency plans to notify all those affected.
"We are working to identify the individuals potentially impacted as quickly as possible so that we can notify them and provide resources such as credit protection," said CMS Administrator Seema Verma.
"I want to make clear to the public that HealthCare.gov and the Marketplace Call Center are still available, and open enrollment will not be negatively impacted," Verma added.
- Open source web hosting software compromised with DDoS malware
- Tumblr discloses vulnerability but says 'no evidence that this bug was abused'
- Zero-day in popular jQuery plugin actively exploited for at least three years
- Justice Department charges Russian trolls' chief accountant CNET
- Almost half of cyberattacks are directed at SMBs TechRepublic
- Vendors confirm products affected by libssh bug as PoC code pops up on GitHub
- DJI website's 'Get the app on Google Play' directs users elsewhere