You probably haven't heard of the department

The Centers for Medicare and Medicaid Systems is a low-profile division of the Department of Health and Human Services responsible for administering the Affordable Care Act.

Recently, the company announced that they detected anomalous activity in the systems related to the healthcare.gov website that brokers and insurance agents use to assist people who apply for healthcare coverage.

The abnormal activity was detected in the Federally Facilitated Exchange system and the direct enrollment pathway in particular.  This is connected to (but separate from) the healthcare.gov website itself.

A statement issued by the Centers for Medicare and Medicaid Systems said

"At this time, we believe that approximately 75,000 individuals' files were accessed.  While this is a small fraction of the consumer records present on the FFE, any breach of our system is unacceptable... We will continue to work around the clock to help those potentially impacted and ensure the protection of consumer information."

CMS made it clear that their investigation into the matter was still in its earliest stages.

They did offer the following additional information

"Upon verification of the breach, CMS took immediate steps to secure the system and consumer information, further investigate the incident, and subsequently notify federal law enforcement.  We are actively engaged in and committed to helping those potentially impacted as well as ensuring the protection of consumer information."

Additionally, CMS stated that they identified the broker accounts that were associated with the anomalous activity and deactivated them out of an abundance of caution.

At some point in the near future, we can expect that CMS will be contacting those whose data was compromised and providing them with a series of next steps. The agency is already moving to bolster their security measures and promises that they'll have them in place before the end of October 2018.

Our perspective

If you've used the healthcare.gov portal and required the assistance of a broker or insurance agent to get coverage for yourself and your family, there is a small chance your data may have been compromised. However, at this point, there's no way to be certain.  Be on the lookout for a communication from CMS in the near future, however, just in case.


The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available at dwpia on LinkedIn, at dwpia on Facebook, and @dwpia on Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Denis S Wilson

I am President and Principal Consultant for DWP Information Architects: specializing in managed IT support for smaller healthcare practices, clinics, insurance companies, law firms, and construction companies in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance.

I am also a published author and speaker, working extensively with organizations that include: the State of California, the Federal Bureau of Investigation (FBI), the Small Business Administration (SBA), SCORE, Women's Business Centers, and Small Business Development Centers. As well as providing small business technology education programs through business and professional associations.

Contact me if you would like me to speak at your meeting.

Meanwhile, check out this report

Executive Report: 10 Hidden IT Risks That Might Threaten Your Business