- Politics
- Diversity, equity and inclusion
- Financial Decision Making
- Telehealth
- Patient Experience
- Leadership
- Point of Care Tools
- Product Solutions
- Management
- Technology
- Healthcare Transformation
- Data + Technology
- Safer Hospitals
- Business
- Providers in Practice
- Mergers and Acquisitions
- AI & Data Analytics
- Cybersecurity
- Interoperability & EHRs
- Medical Devices
- Pop Health Tech
- Precision Medicine
- Virtual Care
- Health equity
CMS Says No Protected Health Information Exposed in Breach
The agency has reopened the Direct Enrollment pathway in the wake of last week’s security incident.
Hackers did not access any protected health information, banking or federal tax data in the breach last week that affected 75,000 patients through an online insurance portal run by the Centers for Medicare & Medicaid Services, according to the agency.
After CMS learned of the breach, it shut down the Direct Enrollment pathway, which allows agents and brokers to aid consumers with health insurance applications under the Affordable Care Act. CMS reopened the pathway this morning following a broad effort to improve the system’s cyberdefenses.
>> READ: CMS Discloses Breach Affecting 75K People, Offering Few Details
Although cyberattackers did not get their hands on sensitive health data, CMS officials are still investigating what type of information was compromised.
“Once the assessment is completed, affected individuals will be notified as quickly as possible through multiple channels,” CMS said in a statement sent to reporters this morning. “They will also be able to register for free credit protection and additional services to prevent and/or remediate any issues that have arisen from the use of their data, including identity monitoring services, identity theft insurance and identity restoration services.”
The agency worked with other arms of the U.S. Department of Health & Human Services to restore access to the Direct Enrollment pathway.
With today’s news, all enrollment pathways for 2019 health insurance coverage under the ACA are now open. The Direct Enrollment pathway is just one avenue for U.S. citizens to solicit coverage.
The attack came just before open enrollment begins, which is Nov. 1.
CMS staffers found “anomalous activity” in the system on Oct. 13 and declared it a breach three days later. They notified federal law enforcement officials, who kicked off an investigation that remains open.
Upon learning of the breach, CMS deactivated the agent and broker accounts associated with the irregular activity and took down the Direct Enrollment pathway. The agency said then it planned to relaunch the avenue today, a goal it has reached.
Reached last week for comment, CMS officials said they could not discuss the open investigation.
Get the best insights in healthcare analytics directly to your inbox.
Related
Can Outside Disruption Save Healthcare?
WannaCry, NotPetya and Cyberwarfare’s Threat to Healthcare
With 860K Affected Patients, July Among Worst Data Breach Months of Year
Cybersecurity panel: How hospitals can protect their patients and their systems
November 18th 2024Chief Healthcare Executive® presents the final installment in our series, with experts from HIMSS, the American Hospital Association, and Providence. In this episode, our panel offers advice on how health systems can improve.
Cybersecurity panel: The scope of recent ransomware attacks in healthcare
October 28th 2024Chief Healthcare Executive hosted a discussion on cybersecurity with leading experts from the American Hospital Association, HIMSS and the Providence health system. They talked about the growing problem of cyberattacks.
