- Last month, a breach of HealthCare.gov took place that affected those applying for coverage under the Affordable Care Act, HHS reported last Friday.
The intrusion led to inappropriate access to the personal information of about 75,000 individuals listed on Marketplace applications. Agents and brokers utilize the Marketplace system.
As a result, starting the week of November 5, the Marketplace was phoning those impacted. Following the call, a letter detailing the breach and available protections will be sent. Meantime, HealthCare.gov is safe to use and the agent and broker system is again available — with additional security measures in place, so the site can be used directly. Agent and brokers can access similar resources.
Names, birthdates, addresses, and partial Social Security numbers were compromised in the breach, as well as a various other personal, employment and immigration information, CMS wrote in a letter sent to individuals listed on affected applications, according to multiple reports.
“We are continuing to investigate this breach and putting additional security measures in place to make sure HealthCare.gov and the Marketplace process are safe and all consumer information is protected,” the letter said.
Published on HealthCare.gov, last Friday’s update provided details about the data breach three weeks after CMS first acknowledged that sensitive but unspecified information involving those individuals had been exposed as a result of “anomalous system activity” detected earlier last month.
The tens of thousands of those whose records have been compromised represent a relatively small share of the 8.7 million Americans who signed up for this year’s coverage, according to a report in the Washington Post.
That said, the breach comes as Trump’s healthcare aides hunkered down on fostering an expanded role for agents and brokers in the ACA sign-up process rather than the HealthCare.gov computer system that consumers use directly.
It appears to be the first breach since fall 2013 when Americans began purchasing health plans under the ACA, the Times also reported.
In this most current episode on October 16, a number of agent and broker accounts searched excessively for consumers, leading to access to the personal information of those listed on Marketplace applications. Agent and broker accounts — as well as all the agent and broker functions — were immediately shut off, while changes were implemented to upgrade security.
While a careful review showed bank accounts numbers, credit card numbers and diagnosis and treatment information were inaccessible, some information belonging to minors on agent and broker accounts on the agent and broker accounts was accessible, CMS stated in a letter to affected individuals. That included, among other things, name, date of birth, address, sex, the last four digits of the Social Security number that were listed on the applications, expected income, tax filing status, family relationships, whether the applicant is a citizen or an immigrant, immigration document types and numbers, and employer name.
Officials didn’t specify how the agent and broker accounts were breached, nor if officials had identified any potential suspects, according to a report in the New York Times.
Though it’s unclear whether all this information was actually accessed or misused, since identity theft’s a possibility given the breach involved sensitive personal information, including partial SSN, individuals should be aware of protective actions they can take. Free identity theft protection services through ID Experts, a data breach and recovery services expert, is being offered. A parent/guardian must first enroll as the primary member and then add the minor as a dependent for coverage for minors under the age of 18. Minors should have no credit history established and be under the age to secure credit. Credit monitoring’s unavailable.
The number of files accessed in the breach represented a small fraction of consumer records present on the FFE, the CMS stated.
In 2014, hackers breached security at the website of the government’s health insurance marketplace, HealthCare.gov, but did not steal any personal information on consumers, the Obama administration reported at the time.
Meantime, investigation of this most recent breach is ongoing and additional security measures are being put in place to ensure the safety of Healthcare.gov as well as the Marketplace process and the protection of consumer information, including during Open Enrollment.
For questions and to enroll their minor in free MyIDCare services, individuals are encouraged to contact ID Experts. The toll free number’s (877) 916-8382 / International (616) 425-8364 / TTY (866) 405-2133. Or you can go to https://secure.myidcare.com/enrollment/1?RTN=90000216 and use the Enrollment Code provided at the top of this letter.
MyIDCare experts are available Monday through Saturday, 9AM-9PM ET. Deadline to enroll is Feb. 7, 2019.