The Centers for Medicare and Medicaid Services disclosed a recent Healthcare.gov breach affecting approximately 75,000 people.
The CMS said in a statement that its staff detected an attack in the Federally Facilitated Exchanges (FFE) Direct Enrollment pathway, which is the system that agents and brokers use to help customers apply for insurance through Healthcare.gov.
"CMS began the initial investigation of anomalous system activity in the Direct Enrollment pathway for agents and brokers on October 13, 2018 and a breach was declared on October 16, 2018. The agent and broker accounts that were associated with the anomalous activity were deactivated, and -- out of an abundance of caution -- the Direct Enrollment pathway for agents and brokers was disabled," CMS wrote in a press release. "We are working to address the issue, implement additional security measures, and restore the Direct Enrollment pathway for agents and brokers within the next 7 days."
This is not the first Healthcare.gov breach. In 2014, CMS reported an intrusion on a test server where malicious actors installed malware in order to launch DoS attacks on other websites. However, testing of Healthcare.gov in 2015 found the site "generally secure," according to white hat researchers.
CMS did not say what information was involved in the Healthcare.gov breach, but many experts, like Ruchika Mishra, director of products and solutions at Balbix, said it would not be surprising to find insurance applications include names, addresses and social security numbers.
This breach shows once again that no entity, not even the U.S. government, is immune from the dangers posed by hackers.
Ruchika Mishradirector of products and solutions, Balbix
"If this kind of data was exposed, users could face issues of identity theft and more," Mishra wrote via email. "This breach shows once again that no entity, not even the U.S. government, is immune from the dangers posed by hackers. To best combat these issues, an organization must implement security solutions that scan and monitor not just the organization-owned and managed assets, but also all third-party systems. Proactively identifying and addressing vulnerabilities that would put them at risk before they become entry points for attackers is the only way to stay ahead of breaches."
Zohar Alon, CEO of Dome9 Security Ltd., said that threat actors targeting the back-end system in the Healthcare.gov breach was telling.
"Attackers will always target the weakest point-of-entry into networks and that's why organizations must continuously monitor the threat landscape in real time and enforce security discipline across all assets, including connected sites," Alon wrote via email. "Continuous compliance is essential to keeping sensitive information safe and secure, while maintaining public trust."
Tim Erlin, vice president of product management and strategy at Tripwire, took time to praise the Healthcare.gov breach response by CMS.
"While there may be opportunities for criticism in any incident, CMS' detection, response and recovery times, including a public announcement, seem to demonstrate a high level of competence," Erlin wrote via email. "It's clear that they're not making up a response plan as they go here."
