CMS Says No Protected Health Information Exposed in Breach

Jack Murtha
OCTOBER 26, 2018
cms breach,cms aca breach,medicare breach,hca news

Hackers did not access any protected health information, banking or federal tax data in the breach last week that affected 75,000 patients through an online insurance portal run by the Centers for Medicare & Medicaid Services, according to the agency.

After CMS learned of the breach, it shut down the Direct Enrollment pathway, which allows agents and brokers to aid consumers with health insurance applications under the Affordable Care Act. CMS reopened the pathway this morning following a broad effort to improve the system’s cyberdefenses.

>> READ: CMS Discloses Breach Affecting 75K People, Offering Few Details

Although cyberattackers did not get their hands on sensitive health data, CMS officials are still investigating what type of information was compromised.

“Once the assessment is completed, affected individuals will be notified as quickly as possible through multiple channels,” CMS said in a statement sent to reporters this morning. “They will also be able to register for free credit protection and additional services to prevent and/or remediate any issues that have arisen from the use of their data, including identity monitoring services, identity theft insurance and identity restoration services.”

The agency worked with other arms of the U.S. Department of Health & Human Services to restore access to the Direct Enrollment pathway.

With today’s news, all enrollment pathways for 2019 health insurance coverage under the ACA are now open. The Direct Enrollment pathway is just one avenue for U.S. citizens to solicit coverage.

The attack came just before open enrollment begins, which is Nov. 1.

CMS staffers found “anomalous activity” in the system on Oct. 13 and declared it a breach three days later. They notified federal law enforcement officials, who kicked off an investigation that remains open.

Upon learning of the breach, CMS deactivated the agent and broker accounts associated with the irregular activity and took down the Direct Enrollment pathway. The agency said then it planned to relaunch the avenue today, a goal it has reached.

Reached last week for comment, CMS officials said they could not discuss the open investigation.

Get the best insights in healthcare analytics directly to your inbox.

Related
Can Outside Disruption Save Healthcare?
WannaCry, NotPetya and Cyberwarfare’s Threat to Healthcare
With 860K Affected Patients, July Among Worst Data Breach Months of Year

SHARE THIS SHARE THIS
0
Become a contributor