Healthcare.gov Website Breached: 75,000 Affected
By: Jim Stickley and Tina Davis
October 27, 2018
Open enrollment for healthcare is not only stressful for those trying to navigate the maze of choices and enroll in a plan. It’s also anxiety-ridden for the agents and brokers that work with consumers to find the best plans and enroll those consumers. And now, hackers decided to add to that stress and anxiety. Recently, the Centers for Medicare and Medicaid Services (CMS) announced that data of around 75,000 people was exposed when a government computer system associated with Heathcare.gov was breached.
Specifically, it affected the Direct Enrollment pathway that the agents and brokers use for applications on the Federally Facilitated Exchanges (FFE). The specific accounts that were affected were “deactivated” as was the Direct Enrollment pathway and all access to Healthcare.gov via third party sites.
The breach was officially declared on October 16, which is when the public was notified, but the abnormal activity was seen on October 13. The Heathcare.gov website and the Marketplace Call Center are still open and functioning. The officials don’t expect the open enrollment to be negatively affected. The official open enrollment starts in November. However, some state exchanges are already available and open and were not affected by this.
For the time being, since we really don’t know what was accessed, those who did use healthcare.gov for their enrollment, regardless of whether this year or before, check your healthcare benefit statements when you receive them. If there is anything suspicious, contact your provider immediately. That’s because they could have your social security number and use it for healthcare fraud.
In addition, check your payment card statements for the card that you used to pay for premiums for suspicious activity. Notify your card issuer of anything odd and get it resolved right away.
Agents and brokers should monitor activity for their accounts and when access is restored, immediately change passwords. Make them at least eight characters; include upper and lowercase letters, as well as numbers and special characters. Don’t use words or phrases that are common and definitely don’t use personally identifiable information such as your birthdate or driver’s license number.
As for when the pathway will again be available, a CMS representative that spoke to CNN about this incident was not able to commit to a date or timeframe. However, the news release on the CMS website states access is expected to be restored on or around October 24. There is an active federal investigation, however and more details are likely to be revealed.