Security

 

via the Rhode Island Dept. of Administration:

RIBridges Alert

On December 13, 2024, the State was informed by its vendor, Deloitte, that there was a major security threat to RIBridges, the system that manages many of the state’s social services programs. Additionally, Deloitte confirmed that there is a high probability that a cybercriminal has obtained files with personally identifiable information.

This is the State of Rhode Island’s dedicated webpage for all the latest information on the breach. We understand this is an alarming situation, and we appreciate your patience as we investigate this matter. We will continue to navigate this challenge together. 

Update 12/16/24: 5 Steps to Protect Your Personal Information Today 

Governor McKee issued a public service announcement to encourage potentially impacted Rhode Islanders to take 5 steps to protect their personal information today. (see video above)

Update 12/15/24: RIBridges Data Breach Hotline Now Available  

In response to the recent story by KFF reporter Julie Appleby about rogue agents switching ACA exchange enrollee plans without their knowledge or permission, the Centers for Medicare & Medicaid Services (CMS) have released a statement about the actions they're taking to resolve the issue:

CMS is committed to protecting consumers in the Marketplace. CMS has received reports of consumers in HealthCare.gov states whose coverage was switched by agents and brokers without their knowledge. In response, CMS is taking swift actions to protect consumers from unauthorized activity by agents and brokers, and to root out bad actors who are violating CMS rules.  

It's been a long time since I've reported on any significant cybersecurity problems at any of the ACA exchanges. The last one I can think of off the top of my head was nearly a decade ago, and even that was about how some early flaws had been fixed.

Still, this story by Julie Appleby of KFF definitely isn't good news:

Unauthorized enrollment or plan-switching is emerging as a serious challenge for the ACA, also known as Obamacare. Brokers say the ease with which rogue agents can get into policyholder accounts in the 32 states served by the federal marketplace plays a major role in the problem, according to an investigation by KFF Health News.

Fire up the Wayback Machine, Peabody, and take us to September 2015:

AP's NEW "HC.gov Security Flaws" story attacks problems FIXED UP TO A YEAR AGO.

Last night I posted what seemed, at first, to be a merely-amusing (if a bit depressing) story about a Florida news station website accidentally (?) reposting a year-old AP newswire story about potential security vulnerabilities at Healthcare.Gov:

"Critical" flaw found in HealthCare.gov security

WASHINGTON -- The government's own watchdogs tried to hack into HealthCare.gov earlier this year and found what they termed a critical vulnerability - but also came away with respect for some of the health insurance site's security features.

Those are among the conclusions of a report released Tuesday by the Health and Human Services Department inspector general, who focuses on health care fraud.

The official tally of QHP selections nationally during the 2015 Open Enrollment Period (from 11/15/14 - 2/22/15) was 11,688,074 people.

The actual number of people still enrolled in effectuated plans (i.e., active) as of March 31, 2015, according to the HHS Dept., was 10,187,197 people. That's a net reduction of exactly 1,500,877.

On the surface, that may look bad, but bear in mind that with a 90% payment rate (which I suspect is actually pretty close to the non-ACA industry standard, and which is about 2 points better than last year), that means only about 10.5 million of the original enrollees would have been expected to actually be enrolled in March anyway. That leaves another 332,000 people who presumably paid up for January, February and/or March, but had dropped their policies by the end of March.

Advertisement