Americans can still enroll for coverage, but exchange marketplace is down

A major cyber-attack on the US government’s health insurance system saw the sensitive records of 75,000 people compromised, according to an announcement made on Friday.

The Centers for Medicare and Medicaid Services (CMS) said that on October 13, suspicious activity was first detected on its Direct Enrollment pathway – the system used by brokers and consumers alike to shop around for insurance coverage.

A breach was subsequently disclosed on October 16, and the system was immediately deactivated with law enforcement also alerted, CMS said.

It is not known who was responsible for the attack, but the breach comes just weeks before the annual enrollment period for health care coverage.

Americans can still sign up on November 1, as the public-facing website Healthcare.gov remains unaffected by the security incident, as does the Marketplace Call Center.

“Our number one priority is the safety and security of the Americans we serve,” Seema Verma, a CMS administrator, said in a statement released late on Friday.

“We will continue to work around the clock to help those potentially impacted and ensure the protection of consumer information.”

As its investigation continues, CMS has released no details regarding what type of information was compromised, but the Direct Enrollment pathway is expected to be back up and running next week.

“This is an evolving situation and we will continue to provide additional information,” CMS added.

“We are working to identify the individuals potentially impacted as quickly as possible so that we can notify them and provide resources such as credit protection.”

The news follows a bad month for security within US federal agencies after 30,000 military personnel had their information compromised due to a data breach on a third-party system used by the Department of Defense.