Cyber Incident Victim: Health Insurance Marketplace
Date: Oct 2018
Location: United States of America
Summary
Healthcare.gov experienced a data breach, detected as anomalous activity in a broker assistance tool, that potentially exposed information on up to 75,000 individuals. The Centers for Medicare & Medicaid Services detected the incident, secured the system, initiated an investigation, and notified law enforcement, though specifics of the compromised data were not disclosed. The breach led to the temporary suspension of the Direct Enrollment pathway used by brokers and occurred shortly before the annual open enrollment period for health insurance coverage.
Description
On October 13, 2018, the Centers for Medicare & Medicaid Services (CMS) detected anomalous system activity within a Healthcare.gov tool designed for insurance brokers assisting consumers with coverage enrollment. CMS formally declared a security breach three days later, on October 16. The breach of the federally operated health insurance marketplace potentially exposed files for approximately 75,000 individuals, though CMS did not specify the types of compromised information. The agency stated it adhered to standard security and risk protocols during its investigation and reporting. Immediate containment measures included securing affected systems and consumer data, launching a further internal investigation, and notifying federal law enforcement agencies. CMS emphasized its commitment to assisting potentially impacted individuals and reinforcing consumer data protections. The Direct Enrollment pathway for brokers remained temporarily disabled following the incident, though Healthcare.gov’s core functions continued operating normally.

This incident occurred against a backdrop of longstanding security concerns regarding federal and state healthcare exchange platforms, including a 2014 Healthcare.gov intrusion that did not result in data leakage. The timing added to the breach’s operational significance: it preceded the November 1 opening of the 2019 coverage open enrollment period, a critical six-week window for uninsured individuals to obtain coverage unless they qualify for Special Enrollment later. CMS did not publicly attribute the breach to specific threat actors or disclose technical details of the attack vector. The agency maintained public assurances about system integrity while managing reputational and operational challenges linked to the Affordable Care Act’s politically contested marketplace platform.
