In October, a breach in the security of government site healthcare.gov lead to the theft of data about thousands of individuals by hackers. Now, details about what data was stolen and who was affected have been shared by the Centers for Medicare and Medicaid Services (CMS). The leaked information includes partial Social Security numbers, immigration status, and whether the individuals in question were pregnant.
The CMS shared the information on a page on healthcare.gov, as well as sending out a letter to individuals affected by the breach. According to that letter, the following information was accessible to hackers and was potentially stolen:
- “Name, date of birth, address, sex, and the last four digits of the Social Security number (SSN), if SSN was provided on the application;
- Other information provided on the application, including expected income, tax filing status, family relationships, whether the applicant is a citizen or an immigrant, immigration document types and numbers, employer name, whether the applicant was pregnant, and whether the applicant already had health insurance;
- Information provided by other federal agencies and data sources to confirm the information provided on the application, and whether the Marketplace asked the applicant for documents or explanations;
- The results of the application, including whether the applicant was eligible to enroll in a qualified health plan (QHP), and if eligible, the tax credit amount; and
- If the applicant enrolled, the name of the insurance plan, the premium, and dates of coverage.”
CMS reassured affected users that no bank account numbers, credit card numbers, or diagnostic or treatment information was stolen, so users needn’t worry about fraudulent bank activity or erroneous credit card charges. However, this is still a large amount of personal and health information that has been made accessible to outsiders and could pose a risk for identity theft.
The hack affected around 75,000 of the over 11 million people who use the site. If your data was accessed by hackers, you can expect to receive a phone call and a letter from the CMS about the breach and about how it affects you. This includes information on free credit and identity monitoring services that will be provided to affected users to detect and reimburse you for identity theft which could occur as a result of this data breach.