Personal information of around 75,000 individuals is at risk from a health data breach that affected a Healthcare.gov portal for agents and brokers, CMS announced Oct. 19. The breached portal, called the Direct Enrollment pathway, allows agents and brokers to complete consumer applications for coverage on the federal facilitated healthcare exchanges. Consumers are required to provide Social Security numbers, income, health insurance status, and citizenship or legal immigration status when applying for healthcare insurance on the portal.
Early on, the Healthcare.gov portal, launched in 2013, was plagued with cybersecurity issues. According to a 2016 report by GAO, Healthcare.gov had 316 security incidents between October 2013 and March 2015, with 41 of those incidents involving possible breaches of personally identifiable information. GAO identified weaknesses in Healthcare.gov’s technical controls protecting data, including insufficiently restricted administrator privileges for data hub systems, inconsistent application of security patches, and insecure configuration of an administrative network. The report acknowledged that CMS had taken steps to improve data security on Healthcare.gov, such as developing required security program policies and procedures, establishing interconnection security agreements with its federal and commercial partners, and instituting required privacy protections.
Credits:
https://healthitsecurity.com/news/health-data-breach-on-healthcare.gov-portal-affects-75k-people
No comments:
Post a Comment