A agência de seguros de saúde do governo dos EUA sofreu uma enorme violação de dados que permite aos hackers roubar informações pessoais de cerca de 75.000 clientes.
Os Centros de “Medicare and Medicaid Management” (CMS) divulgaram que em 13 de outubro encontraram uma atividade suspeita em seu Direct Enrollment pathway, um portal para agentes e corretores.
“CMS staff detected anomalous activity in the Federally Facilitated Exchanges or FFE’s Direct Enrollment pathway for agents and brokers… At this time, we believe that approximately 75,000 individuals’ files were accessed,” as stated in a press release by CMS.
De acordo com o CMS, o sistema foi imediatamente desativado após a violação ter sido divulgada e a polícia também alertada. Embora, até agora eles não tenham revelado muito sobre os tipos de informação vazados neste ataque.
No entanto, especula-se que os hackers possam ter comprometido o processo de inscrição do sistema HealthCare.gov, que inclui os nomes dos clientes, os números do seguro social, a renda, o status de seguro de saúde e a cidadania ou o status legal de imigração.
“Our number one priority is the safety and security of the Americans we serve. We will continue to work around the clock to help those potentially impacted and ensure the protection of consumer information,” said CMS Administrator Seema Verma.
“I want to make clear to the public that HealthCare.gov and the Marketplace Call Center are still available, and open enrollment will not be negatively impacted.”
“We are working to identify the individuals potentially impacted as quickly as possible so that we can notify them and provide resources such as credit protection.”
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also Freelance Writer (Infosec. Resources Institute and Cyber Defense Magazine) and developer of the 0xSI_f33d – a feed that compiles phishing and malware campaigns targeting Portuguese citizens.
Read more here.