HealthCare.gov, the government's insurance enrollment website, was breached in July by a hacker or hackers, according to CMS officials at a briefing on Thursday. The officials said that while the intruders uploaded malware, they took no personal information.
Officials say the breach was discovered last week and a government security team upgraded the site's security. The website serves more than 5 million Americans.
Several news organizations reported on the breach. The Wall Street Journal was first, and reported that officials said the hacker appears only to have gained access to a server used to test code for HealthCare.gov.
[See also: Privacy and security experts will share best practices Sept. 8-9.]
CMS issued a statement saying the incident would not affect the start of the second insurance enrollment period, set to begin Nov. 15.
It's not likely to be the last words on the intrusion.
House Oversight and Government Reform Committee Chairman Darrell Issa, R-Calif. is calling for CMS Administrator Marilyn Tavenner to testify before the committee on Sept. 18.
The government website was plagued from its botched launch on Oct. 1, 2013, when it crashed, overwhelmed by too much traffic. Some of the problems were attributed to "bad code" and others to a rush to open for business.
A Senate report later concluded that bad code and lack of leadership were critical factors to the site's troubles.
It also raised security issues.
"The breakdown was not a surprise to dozens of high-level officials within CMS and HHS, nor to hundreds of individuals working for the contractors who had developed the code for the website," the report contends. "These individuals were aware for months of gaping holes in testing, critical security concerns and failures under the most modest simulations.
[See also: Senate details HealthCare.gov crash .] and [Bad code, bureaucracy prove a toxic combo for Healthcare.gov.]
