According to a spokesman for the Department of Health and Human Services’ Centers for Medicare and Medicaid Services, the online pathway for agents and brokers into the federal insurance exchange was shut down earlier this week, though officials hope to reopen it a few days before the Nov. 1 start of the six-week enrollment period.
The tens of thousands of people whose records have been compromised account for a relatively small share of the 8.7 million Americans who signed up for this year’s coverage. But the breach comes as Trump’s health-care aides have been trying to foster a greater role for agents and brokers in the ACA sign-up process, instead of the HealthCare.gov computer system that consumers use directly.
The breach is apparently the first since fall 2013, when Americans began to buy health plans under the ACA, even though HealthCare.gov debuted with serious technical flaws that stymied many people who sought to enroll that initial year.
In a Friday evening statement, CMS Administrator Seema Verma said, “open enrollment will not be negatively impacted” because federal calls centers and HealthCare.gov will be uninterrupted for Americans who want to sign up.
Verma and other senior administration health officials have walked a fine line, opposing the ACA and adopting changes that weaken the law while portraying themselves as overseeing effective and cost-efficient enrollment cycles.
The CMS statement says the agency’s staff first noticed “anomalous activity” last Saturday in the online enrollment pathway available to agents and brokers. They began an initial investigation. On Tuesday, a breach was detected. A federal law enforcement investigation is now underway.
“We are working to identify the individuals potentially impacted as quickly as possible so that we can notify them and provide resources such as credit protection,” Verma said.
A CMS spokesman said that, because of the investigation, he could not address a variety of questions, including how the hack was noticed and whether officials know who committed the breach.
Verma said in the statement, “We will continue to work around the clock to help those potentially impacted and ensure the protection of consumer information.”