The Department of Health and Human Services has revealed that a recent breach of the Healthcare.gov site – which it announced with little detail in October – exposed the data of 75,000 individuals, including partial Social Security numbers, immigration status, and other personal information.
The site includes a tool for licensed insurance agents and brokers to search for consumers who have an application stored on the system. HHS discovered in mid-October that some of these accounts were performing excessive searches, apparently being used by an unauthorized party. They immediately disabled those accounts and the search feature itself.
However the data exposed includes much of the personal information that the site stores, including applicants’ identification data, income and tax filing information, reported pregnancy status, citizen/immigrant status, employment information, eligibility for health plans, and any plan they are enrolled in.
The information accessed did not include full Social Security numbers, or information the site does not collect, such as financial account details or general health information.
HHS will provide those whose data was exposed with free identity theft protection services.