Cyber-attacks on healthcare data are becoming increasingly common and costly and last week even CMS announced that it had suffered a data breach. The breach was detected in the Direct Enrollment pathway that allows agents and brokers to assist consumers with applications in the federal facilitated ACA exchange. The breach affected approximately 75,000 individuals’ files.

CMS reported that it detected an anomaly in the system on October 13, 2018 and three days later it declared a breach. CMS also reported that it has taken steps to investigate the breach, disable this portion of the portal, and notify other federal authorities. It acknowledged that it will also need to identify the records affected and notify individuals. CMS emphasized that this attack will not impact open enrollment as remaining enrollment channels via are operational. The press release from CMS can be found here.

A recent study published in September by the Journal of the American Medical Association found some startling news: over 174.9 million patient records were breached over a seven year period between 2010 – 2017. It is clear that providers, payers, federal, and state governments are struggling to protect health care data. Latest figures are that health care breaches cost $408 per patient record which will affect health care costs.