Healthcare.gov FFE Breach Compromises 75K Users' Data

Attackers broke into a sign-up system used by healthcare insurance agents and brokers to help consumers apply for coverage.

Dark Reading Staff, Dark Reading

October 23, 2018

1 Min Read
Dark Reading logo in a gray background | Dark Reading

The Center for Medicare and Medicaid Services (CMS) has reported a sign-up system for Healthcare.gov has been breached, leading to the compromise of 75,000 users' personal data.

On Oct. 13, CMS staff detected suspicious activity in the Federally Facilitated Exchanges (FFE) – the FFE's Direct Enrollment pathway – a system used by healthcare insurance agents and brokers to help consumers apply for coverage available on Healthcare.gov.

When the breach was confirmed on Oct. 16, officials deactivated agent and broker accounts associated with the anomalous activity and disabled the pathway. "We are working to address the issue, implement additional security measures, and restore the Direct Enrollment pathway for agents and brokers within the next 7 days," CMS said in a release.

The tool used to breach the system is available only via the disabled pathway. All other FEE enrollment channels, including Healthcare.gov and the Marketplace Call Center, are running. It's worth noting the compromised system is available only to agents and brokers, not the general public.

CMS said open enrollment will not be negatively affected by the incident, and it's planning to notify all those potentially affected "as quickly as possible."

Read more details here.

BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights