Topics
Reimbursement
Elevance, UnitedHealth among insurers accused of alleged price fixing
Elevance, UnitedHealth among insurers accused of alleged price fixing
Revenue Cycle Management
Mary Washington Healthcare latest to outsource revenue cycle 
Mary Washington Healthcare latest to outsource revenue cycle 
Strategic Planning
Two CFOs see promise of AI, but have yet to build a dedicated budget
Two CFOs see promise of AI, but have yet to build a dedicated budget
Capital Finance
Cigna nixes speculation of a Humana merger
Cigna nixes speculation of a Humana merger
Supply Chain
Feds shore up healthcare supply chain in wake of hurricanes Helene and Milton
Feds shore up supply chain in wake of hurricanes
Accounting & Financial Management
Labor expenses continue to challenge hospitals
Labor expenses continue to challenge hospitals
Budgeting
Health system operating margins declined in August
Health system operating margins declined in August
Quality and Safety
US healthcare system ranks last in equity, access
US healthcare system ranks last in equity, access
Billing and Collections
CFPB warns of illegal tactics by medical debt collectors
CFPB warns of illegal tactics by medical debt collectors
Claims Processing
Denials top reason for eroding provider-payer relationship
Denials top reason for eroding provider-payer relationship
Workforce
Elevance laying off 123 California employees
Elevance laying off 123 California employees
Operations
UAB, Press Ganey launch certificate program for healthcare leaders
UAB, Press Ganey launch certificate program for healthcare leaders
Medical Devices
Healthcare chatbots may promote racist misinformation
Healthcare chatbots may promote racist misinformation
Hospital/physician relations
Hospitals, physicians submit opposing views to FTC ruling on noncompetes
Hospitals, physicians submit opposing views to FTC ruling
Construction & Facilities Management
University Hospitals expanding with $3.2 million donation
University Hospitals expanding with $3.2M donation
Compliance & Legal
Johnson and Johnson sues HRSA for blocking 340B plan
J&J sues HRSA for blocking 340B plan
Policy and Legislation
Planned Parenthood, other groups decry executive power in House bill
Planned Parenthood, other groups decry House bill
Community Benefit
AMA pushes for stricter standards for hospital charity care policies
AMA pushes for stricter standards for hospital charity care policies
Accountable Care
NAACOS pushes ACO REACH extension after $1.54B in savings
NAACOS pushes ACO REACH extension
Acute Care
SDOH, tech key to advancing value-based care, says UHG
SDOH, tech key to advancing value-based care
Ambulatory Care
Cleveland Clinic and Amazon One Medical collaborate on primary care clinics
Cleveland Clinic and Amazon One Medical collaborate
Analytics
Interoperability in healthcare moving forward despite challenges
Interoperability in healthcare moving forward despite challenges
Business Intelligence
UPMC, Vanderbilt join Aegis Ventures in digital consortium
UPMC, Vanderbilt join Aegis Ventures in digital consortium
ICD-10 & Coding
Physician practices examine risk adjustment coding in wake of federal lawsuits
Practices keeping close watch on risk adjustment coding
Meaningful Use
Financial disincentives for providers who commit information blocking 
Financial disincentives for providers who commit information blocking 
Medicare & Medicaid
Trump picks Dr. Mehmet Oz to head CMS
Trump picks Dr. Mehmet Oz to head CMS
Patient Engagement
HHS, Illinois reach agreement on disability rights laws
HHS, Illinois reach agreement on disability rights
Pharmacy
CerpassRx, Waltz team on AI platform to manage specialty drug spend
CerpassRx, Waltz team on AI to manage specialty drug spend
Population Health
Reproductive care, including abortion, facing challenges
Reproductive care, including abortion, facing challenges
Risk Management
UPMC for You partners to offer Medicaid redetermination coverage in laundromats
UPMC for You offers Medicaid redetermination coverage in laundromats
Telehealth
Telehealth prescribing of controlled drugs extended through 2025
Telehealth prescribing of controlled drugs extended
Mergers & Acquisitions
Cardinal Health set to acquire two companies for combined $3.9B
Cardinal Health set to acquire two companies for combined $3.9B
View more
Oct 22, 2018 More on Medicare & Medicaid

CMS responds to data breach affecting 75,000 in federal ACA portal

Open enrollment, which begins November 1, will not be negatively impacted, CMS says.

Susan Morse, Executive Editor

The files of an estimated 75,000 individuals were accessed in a breach of Healthcare.gov for Affordable Care Act enrollment, according to  the Centers for Medicare and Medicaid Services.

CMS said it detected anomalous activity in the federally facilitated exchanges, or direct enrollment pathway for agents and brokers. The direct enrollment pathway, launched in 2013, allows agents and brokers to assist consumers with applications for coverage.

IMPACT

While 75,000 represents a small fraction of consumer records, any breach of the system is unacceptable, CMS said.

The news was released less than two weeks before the start of open enrollment on Thursday, Nov. 1.

CMS began the initial investigation of anomalous system activity on October 13, and a breach was declared on October 16. The agent and broker accounts that were associated with the anomalous activity were deactivated, and – out of an abundance of caution – the direct enrollment pathway for agents and brokers was disabled.

CMS said it is working to address the issue, implement additional security measures, and restore the direct enrollment pathway for agents and brokers within the next seven days.

TREND

Healthcare information is an attractive target for cyber attackers, and the Department of Health and Human Services, Office of Civil Rights, holds organizations responsible for breaches of HIPAA-protected information.

Healthcare entities are expected to have strong password policies and to monitor and respond to security incidents in a timely fashion, said OCR Director Roger Severino, in reference to a breach at Anthem that exposed the social security numbers, addresses, dates of birth and other information of an estimated 79 million members.

Last week, Anthem agreed to pay $16 million to settle the violations.

Through a phishing email attack in 2015, Anthem information on HIV/AIDS prescription drugs and the names of members were exposed through transparent windows of envelopes.

CMS is in the beginning stages of the assessment of this breach, the agency said, calling it "an evolving situation."

ON THE RECORD 

"Our number one priority is the safety and security of the Americans we serve. We will continue to work around the clock to help those potentially impacted and ensure the protection of consumer information," said CMS Administrator Seema Verma. "I want to make clear to the public that Healthcare.gov and the marketplace call center are still available, and open enrollment will not be negatively impacted. We are working to identify the individuals potentially impacted as quickly as possible so that we can notify them and provide resources such as credit protection."   

WHAT ELSE YOU NEED TO KNOW        

CMS said it followed standard and appropriate security and risk protocols for researching and reporting the incident. Upon verification of the breach, CMS took immediate steps to secure the system and consumer information, further investigate the incident, and subsequently notify federal law enforcement. 

The tool through which the breach occurred is only available through the currently-disabled direct enrollment pathway for agents and brokers. As a result, the remaining enrollment channels, including Healthcare.gov and the marketplace call center, remain operational.

Twitter: @SusanJMorse
Email the writer: susan.morse@himssmedia.com

News
Healthcare organizations ask HHS to delay quality measure reporting for ACOs Healthcare organizations ask HHS to delay quality measure reporting for ACOs The American Hospital Association and American Medical Association are among the 11 organizations signing the letter.