• Politics
  • Diversity, equity and inclusion
  • Financial Decision Making
  • Telehealth
  • Patient Experience
  • Leadership
  • Point of Care Tools
  • Product Solutions
  • Management
  • Technology
  • Healthcare Transformation
  • Data + Technology
  • Safer Hospitals
  • Business
  • Providers in Practice
  • Mergers and Acquisitions
  • AI & Data Analytics
  • Cybersecurity
  • Interoperability & EHRs
  • Medical Devices
  • Pop Health Tech
  • Precision Medicine
  • Virtual Care
  • Health equity

Update: 94K Hit in CMS Data Breach


The data breach exposed the information of nearly 20,000 additional people, revised figures show.

cms breach,healthcaregov breach,aca breach

Almost 20,000 additional people were affected by a data breach that hit the Centers for Medicare & Medicaid Services (CMS) last month, bringing the tally to 93,689 individuals, according to the agency.

Since Oct. 16, when CMS detected “suspicious activity” in the Affordable Care Act-established Direct Enrollment Pathway for agents and brokers, the agency has notified all affected parties via mail and phone. The organization offered free credit protection and other preventive and remedial services related to identity monitoring, identity theft insurance and identity restoration, officials said this week.

>> READ: CMS Says No Protected Health Information Exposed in Breach

At first, about a month ago, CMS said that “anomalous activity” in the system had compromised data from roughly 75,000 people. But after working with law enforcement officials, the entity reached the updated total that it released this week.

The precise nature of the security incident remains unclear. After several requests for more information from Healthcare Analytics News™, CMS press officials have declined to comment, citing the open investigation.

In its latest update, the agency didn’t offer any additional information regarding the suspicious activity. We are awaiting comment from the U.S. Department of Health & Human Services Office of the Inspector General, which is now handling media requests related to the incident.

About a week after the data breach, CMS sent out an alert claiming that the breach didn’t affect any protected health information or banking or federal tax data.

A letter sent to victims, however, noted that names, dates of birth, addresses, portions of Social Security numbers, expected income, family relationships, health insurance status and other information might have been compromised in the incident.

The cyberattack occurred shortly before open enrollment began on Nov. 1, raising unfounded concerns that registration infrastructure could be paralyzed. Although CMS closed the Direct Enrollment Pathway — a portal that allows agents and brokers to help consumers obtain health insurance — other avenues remained unimpeded. CMS also returned service to the Direct Enrollment Pathway prior to November.

For more information, check out the Healthcare.Gov breach notice and frequently-asked-questions page.

Get the best insights in healthcare analytics directly to your inbox.


What to Do Before and After a Data Breach

CMS Discloses Breach Affecting 75K People, Offering Few Details

WannaCry, NotPetya and Cyberwarfare’s Threat to Healthcare

Recent Videos
Image: Ron Southwick, Chief Healthcare Executive
Related Content
© 2024 MJH Life Sciences

All rights reserved.