Data of 75,000 at risk after breach of federal insurance exchanges

The Centers for Medicare and Medicaid Services is reporting unauthorized access to consumer data in systems that support federal insurance exchanges.

The agency says the breach affects personal information of thousands of individuals who get their health insurance from Federally Facilitated Exchanges under the Affordable Care Act.

The exchanges enable agents and brokers to assist consumers with applications for insurance coverage. Late last week, CMS announced that earlier in the week the agency detected unusual activity in the exchanges, known by the acronym FFEs.

“At this time, we believe that approximately 75,000 individuals’ files were accessed,” CMS said. “While this is a small fraction of consumer records present on the FFEs, any breach of our system is unacceptable.”

Many states did not create their own insurance exchanges, and CMS operates the FFEs to ensure individuals who want insurance can get it.

Also See: CMS needs better Medicaid breach info to identify trends

CMS will work to help individuals who may be affected by the breach and ensure the protection of consumer information, said CMS Administrator Seema Verma.

Verma-Seema-CROP.jpg
Seema Verma, Centers for Medicare and Medicaid Services administrator nominee for U.S. President Donald Trump, speaks during a Senate Finance Committee confirmation hearing in Washington, D.C., U.S., on Thursday, Feb. 16, 2017. Verma, the businesswoman Trump selected to oversee Medicaid, the health care program for 74 million low-income Americans, has said the program is structurally flawed by policies that burden states and foster dependency among the poor. Photographer: Pete Marovich/Bloomberg

“I want to make clear to the public that HealthCare.gov and the Marketplace Call Center are still available, and open enrollment will not be negatively impacted,” Verma adds. “We are working to identify the individuals impacted as quickly as possible so that we can notify them and provide resources such as credit protection.”

CMS started investigating unusual system activity on October 13 and confirmed the breach on October 16. Agent and broker accounts associated with the activity were deactivated, and the direct enrollment system for agents and brokers has been temporarily disabled.

“It is important to note that CMS is in the beginning stages of the assessment of this breach,” an agency spokesperson says. “This is an evolving situation, and we will continue to provide additional information.

For reprint and licensing requests for this article, click here.