Healthcare.gov might have a dedicated team looking after its welfare thanks to its disastrous launch, but it's still not completely bulletproof. Apparently, the insurance website was hacked in July, and the perpetrator managed to slip in malware that wasn't spotted until August 25th. Before you have a panic attack, though (the website did ask for your Social Security number, among other sensitive info), the Department of Health and Human Services says no data was stolen from the breach. According to HHS spokesperon Kevin Griffis, the compromised server didn't contain personal information, because it's only used for testing and should never have been connected to the internet in the first place.
Moreover, the malware wasn't designed to steal data -- the hacker slipped it in to use the server as a puppet for denial of service attacks on other government properties. These attacks constitute taking over many, many computers so hackers can use them to redirect traffic to a single website in an effort to take it down, indicating that Healthcare.gov wasn't being targeted in particular. HHS officials say Healthcare.gov undergoes regular security scans, and they've "taken measures to further strengthen security" since the breach took place.