Today The Centers for Medicare & Medicaid Services (CMS) announced that Healthcare.gov, the federally operated health insurance marketplace, has suffered a data breach. Apparently it detected "anomalous system activity" in a tool that's supposed to be used for brokers to help consumers get insurance coverage on October 13th, and declared the breach three days later.
The CMS reports that it believes files for as many as 75,000 people were accessed, however it did not say what information specifically may have been revealed. It said in a statement that "CMS followed standard and appropriate security and risk protocols for researching and reporting the incident. Upon verification of the breach, CMS took immediate steps to secure the system and consumer information, further investigate the incident, and subsequently notify Federal law enforcement. We are actively engaged in and committed to helping those potentially impacted as well as ensuring the protection of consumer information."
There have been warnings about security for state and federal healthcare websites before, and there was a hack in 2014 that didn't leak any data. The website is still operation, although the Direct Enrollment pathway for brokers has been disabled temporarily.
With the Affordable Care Act-created site in turmoil politically, the timing of the breach is especially bad just before open enrollment for 2019 coverage begins. It will run from November 1st until December 15th, giving people who don't have health insurance through some other means a way to get covered. Once that period closes, they can only sign up through a Special Enrollment period if they have a qualifying life event.