The Center for Medicare and Medicaid Services announced Friday that “anomalous activity” in the Federally Facilitated Exchanges has exposed the files of 75,000 individuals.
The breach was to FFE’s Direct Enrollment pathway for agents and brokers, a portal on that allows insurance professionals to help individuals apply for health insurance through the exchange. The agency announced that it has disabled all accounts associated with the activity and, “out of an abundance of caution,” shut down the pathway itself. CMS is currently working to “implement additional security measures” and plans to restore the tool within the next week.
“Our number one priority is the safety and security of the Americans we serve,” CMS Administrator Seema Verma said in a statement. “We will continue to work around the clock to help those potentially impacted and ensure the protection of consumer information.”
The agency is working to identify and notify the individuals who may have been affected, Verma continued.
Other enrollment channels, like the individual-facing Healthcare.gov or the Marketplace call center, were not impacted and remain active. Open enrollment for 2019, which begins Nov. 1, will not be negatively impacted, Verma said.
CMS began investigating the suspicious activity Oct. 13, and a breach was formally declared Oct. 16. The agency has notified federal law enforcement but did not offer any indication as to the perpetrator of the “suspicious activity.”