Data breach stalls HealthCare.gov's direct enrollment system

The system normally gives agents and brokers a way to help clients get covered.

(Image: CMS)

The Centers for Medicare and Medicaid Services (CMS) says it has had to shut down the HealthCare.gov exchange plan enrollment tool for agents and brokers, just a week before the open enrollment period for 2019 is set to start, because of a data breach.

HealthCare.gov managers noticed “anomalous activity” Oct. 13, began investigating it, and declared a breach Oct. 16, according to CMS officials.

Related: New personas help HealthCare.gov team explain enrollment scenarios

Officials say they believe the HealthCare.gov Direct Enrollment pathway system for agents and brokers to view about 75,000 individuals’ files.

“The agent and broker accounts that were associated with the anomalous activity were deactivated, and — out of an abundance of caution — the Direct Enrollment pathway for agents and brokers was disabled,” CMS officials said.

CMS hopes to restore the Direct Enrollment pathway for agents and brokers within the next seven days, officials said.

Agents and brokers use the system to help clients resolve coverage problems all year round. Producers also use the system to help clients get covered, both through special enrollment period (SEP) applications and regular applications submitted during the open enrollment period for coverage.

The HealthCare.gov open enrollment period for 2019 is set to start Nov. 1 and run until Dec. 15.

The public-facing HealthCare.gov website and call center are still open for business, officials.

Seema Verma, the CMS administrator, said in a statement that CMS is working to identify the individuals potentially affected by the breach, to provide resources such as credit protection.

Ready for ACA open enrollment?