The government agency responsible for maintaining HealthCare.gov gets a scare that exposes data on 75,000 individuals.
The details: The Centers for Medicare and Medicaid Services (CMS), the sub-department of the U.S. Department of Health and Human Services that manages important government websites like HealthCare.gov and Medicaid.gov, reported anomalous activity that led to access to the files of 75,000 individuals.
In response, CMS deactivated the Federal Facilitated Exchange Direct Enrollment pathway for agents and brokers. The agent and broker accounts associated with the anomalous activity were also deactivated.
Why it matters: In a statement, CMS administrator Seema Verma said, “I want to make clear to the public that HealthCare.gov and the Marketplace Call Center are still available, and open enrollment will not be negatively impacted. We are working to identify the individuals potentially impacted as quickly as possible so that we can notify them and provide resources such as credit protection.”
CMS self-reported the anomalous activity and followed its standard procedures for investigating and shutting down affected portals. While HealthCare.gov was not part of the attack, the website has seen its share of technological (and political) troubles over the years. With open enrollment beginning November 1st, any malicious activity around CMS is concerning.
The hacker perspective:
Randori security engineer Tell Hause says,
“It’s always interesting to see where in the target network these attacks are performed. From what has been published we can see that the attackers focused on parts of the Medicare/Medicaid system that are not accessible to the general public and, as such, generally receive less oversight and testing than a publicly available Web portal. Without knowing more about the specifics of the information lost in this breach it’s hard to say whether or not there will be repercussions for the individuals targeted. Unfortunately, technical details are pretty scarce so it’s hard to tell whether this was a compromise of a backend system or rather compromises of agents’ accounts managing accounts of some 75,000 people. Given the temporary shutdown of the FFE service my gut says that something was actually wrong with the backend.”