Hackers have got access to personal data belonging to 75,000 people in a breach of government health insurance system used by insurance agents and brokers to help customers sign up for healthcare plans in the US, the media reported.
The Centers for Medicare and Medicaid Services (CMS), part of the US Department of Health and Human Services (HHS), confirmed the breach late on 19 October.
“We are working to identify the individuals potentially impacted as quickly as possible so that we can notify them and provide resources such as credit protection,” CMS Administrator Seema Verma said in a statement.
CMS staff detected anomalous activity in the Federally Facilitated Exchanges, or FFE’s Direct Enrollment pathway for agents and brokers on 13 October.
Verma noted that this system is different from the consumer-facing Healthcare.gov website, The Verge reported.
The tool through which the breach occurred is only available through the currently-disabled Direct Enrollment pathway for agents and brokers, CMS said.
The agent and broker accounts that were associated with the anomalous activity were deactivated, and the Direct Enrollment pathway for agents and brokers was disabled.
“We are working to address the issue, implement additional security measures, and restore the Direct Enrollment pathway for agents and brokers within the next seven days,” the statement added.