The federal government’s top healthcare insurance agency has suffered an apparent data breach.
Late Friday, the U.S. Centers for Medicare and Medicaid Management (CMS) disclosed that 75,000 patient records had been compromised by hackers. Few other details have been released.
In a written statement, the agency said that it “detected anomalous activity” on Oct. 13 and “took immediate steps to secure the system and consumer information.” It’s unclear what type of information might have been compromised in the incident – names, healthcare information or other sensitive data.
The incident affected only the Federally Facilitated Exchanges’ (FFE) Direct Enrollment pathway, which permits agents and brokers to help “consumers with applications for coverage in the FFE,” according to CMS. It is the system used to enroll in healthcare plans via the insurance exchange established under the Affordable Care Act or Obamacare.
The affected FFD system has been disabled but CMS said it planned to restore service by end of the week.
“Our number one priority is the safety and security of the Americans we serve. We will continue to work around the clock to help those potentially impacted and ensure the protection of consumer information,” said CMS Administrator Seema Verma. “I want to make clear to the public that HealthCare.gov and the Marketplace Call Center are still available, and open enrollment will not be negatively impacted. We are working to identify the individuals potentially impacted as quickly as possible so that we can notify them and provide resources such as credit protection.”
As of this morning, the CMS breach did not appear on the Office for Civil Rights Data Breach Portal.
The Centers for Medicare & Medicaid Services is a federal agency in the U.S. Department of Health and Human Services (HHS) that administers the Medicare program and works in partnership with state governments to administer Medicaid, the Children's Health Insurance Program, and health insurance portability standards.