HealthCare.gov System Breached: 75,000 Users Affected
Hackers have breached a HealthCare.gov sign-up form, stealing the personal data of nearly 75,000 people.
- By Sydny Shepard
- Oct 24, 2018
Hackers have breached a HealthCare.gov sing-up system, stealing the personal information of nearly 75,000 people, the government said.
The system is named Federally Facilitated Exchanges (FFE), and is managed by the Centers for Medicare & Medicaid Services (CMS). Healthcare insurance agents and brokers use the FFE to enroll users into Obamacare plans made available through the official HealthCare.gov portal.
The CMS said it detected "anomalous system activity" in the FFE on October 13, 2018 and stated an immediate investigation.
"The agent and broker accounts that were associated with the anomalous activity were deactivated, and - out of an abundance of caution - the Direct Enrollment pathway for agents and brokers was disabled," the CMS said in a press release.
The government agency says it plans to re-enable FFE direct enrollment for agents and brokers within the next seven days.
Ryan Wilk, VP of Customer Success for NuData Security, a Mastercard company, believes the government should be taking advantage of technology that stops an attack before it even happens.
"Online services could be made more secure using technologies that detect anomalous activity at the enrollment stage, before the attack takes place," Wilk said. "Government agencies and businesses online can protect their placements by adding security layers such as passive biometrics and behavioral analytics – and evaluate beyond the credentials. With this approach, online organizations can flag suspicious enrollments or unusual activity happening within the account, preventing an attack.”
Sydny Shepard is the Executive Editor of Campus Security & Life Safety.