The hacked system was connected to the Healthcare.gov website, the front-facing portal for anyone signing up for an insurance plan under former President Obama’s healthcare law, the Affordable Care Act. Hackers targeted the behind-the-scenes system that insurance agents used to help customers directly enroll in new plans, and not the consumer Healthcare.gov site itself.
In order to sign up for healthcare plans, customers have to give over a ton of personal data — including names, addresses, and their social security number. CMS didn’t say exactly what kind of data was included in the stolen files, nor did it say how the breach happened.
Spokesperson Jonathan Monroe didn’t respond to a request for comment.
CMS said that the Healthcare.gov website was unaffected. Open enrollment in new healthcare plans — set for November 1 — will be unaffected, the statement said. Officials are “working to identify the individuals potentially impacted as quickly as possible so that we can notify them and provide resources such as credit protection.”