Attackers broke into a sign-up system used by healthcare insurance agents and brokers to help consumers apply for coverage.
The Center for Medicare and Medicaid Services (CMS) has reported a sign-up system for Healthcare.gov has been breached, leading to the compromise of 75,000 users' personal data.
On Oct. 13, CMS staff detected suspicious activity in the Federally Facilitated Exchanges (FFE) – the FFE's Direct Enrollment pathway – a system used by healthcare insurance agents and brokers to help consumers apply for coverage available on Healthcare.gov.
When the breach was confirmed on Oct. 16, officials deactivated agent and broker accounts associated with the anomalous activity and disabled the pathway. "We are working to address the issue, implement additional security measures, and restore the Direct Enrollment pathway for agents and brokers within the next 7 days," CMS said in a release.
The tool used to breach the system is available only via the disabled pathway. All other FEE enrollment channels, including Healthcare.gov and the Marketplace Call Center, are running. It's worth noting the compromised system is available only to agents and brokers, not the general public.
CMS said open enrollment will not be negatively affected by the incident, and it's planning to notify all those potentially affected "as quickly as possible."
Read more details here.
Black Hat Europe returns to London Dec 3-6 2018 with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.
About the Author(s)
You May Also Like
Defending Against Today's Threat Landscape with MDR
April 18, 2024The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024