Late last month, HealthCare.gov suffered a data breach exposing 75,000 customers. Details were sparse at the time of the breach, but have now learned that hackers obtained “inappropriate access” to a number of broker and agent accounts, which “engaged in excessive searching” of the government’s healthcare marketplace systems. TechCrunch reports:
[The Centers for Medicare and Medicaid Services (CMS)] didn’t say how the attackers gained access to the accounts, but said it shut off the affected accounts “immediately.” In a letter sent to affected customers this week (and buried on the Healthcare.gov website), CMS disclosed that sensitive personal data — including partial Social Security numbers, immigration status and some tax information — may have been taken.
According to the letter, the data included name, date of birth, address, sex, and the last four digits of the Social Security number (SSN), if SSN was provided on the application. Other information could include expected income, tax filing status, family relationships, whether the applicant is a citizen or an immigrant, immigration document types and numbers, employer name, pregnancy status, health insurance status, and more. The government did say that no bank account information was stolen.