According to recent reports, the government run website, healthcare.gov, has been hacked. The worse news is that 75,000 records were accessed. TechCrunch provides information on the latest breach.
“A government system used by insurance agents and brokers to help customers sign up for healthcare plans was breached, allowing hackers to siphon off sensitive and personal data on 75,000 people.”
Sadly, this is not even the first time this has happened. CBS News reported the the HealthCare.gov server was hacked back in September, 2014.
“We have taken measures to further strengthen security,” the Department of Health and Human Services said to CBS News at the time.
Even that was not the beginning of the problems. In January of 2014, FreedomHacker reported that the new-at-the-time Healthcare.gov was hacked in four minutes.
It is an understatement to say that HealthCare.gov has had a spotty track record when it comes to security. Initially, hackers just seemed to be making a statement about how poorly the site was secured. Ironically, the 75,000 number came up in one of those early hacks years ago.
After a hack, it is presumed that the company takes extra steps that make further hacks unlikely. But the government insurance site has been plagued with security issues from the beginning. This time, hackers got away with personal information. And they found a new way to do it.
The breach was in the part of the system utilized by agents and brokers. It is unclear what type of information was taken. If you reuse your healthcare.gov password for other sites, you should change those passwords immediately. This is true whether or not it is determined that passwords were a part of the heist.
The good news is that the Centers for Medicare and Medicaid Services responded to the breach quickly, and immediately shut down the Direct Enrollment system so that they could implement new measures. They are also supplying credit protection for those affected.
It is also notable that the CMS made this breach public without hesitation, unlike Google. The company suffered a security breach in their Google+ system that led to Google closing the service altogether. They chose not to notify anyone because they were concerned about their image suffering the same negativity Facebook faced after the Cambridge Analytica scandal.
Besides changing your password, experts recommend using some type of password manager for added security.