About a month ago, KFF reporter Julie Appleby wrote a stunner of a report about rogue agents switching ACA exchange enrollees to different policies without their knowledge or permission.

In response, a couple of weeks later the Centers for Medicare & Medicaid Services (CMS) issued a statement about the actions they're taking to resolve the issue.

Today they issued an update on that:

In response to the recent story by KFF reporter Julie Appleby about rogue agents switching ACA exchange enrollee plans without their knowledge or permission, the Centers for Medicare & Medicaid Services (CMS) have released a statement about the actions they're taking to resolve the issue:

CMS is committed to protecting consumers in the Marketplace. CMS has received reports of consumers in states whose coverage was switched by agents and brokers without their knowledge. In response, CMS is taking swift actions to protect consumers from unauthorized activity by agents and brokers, and to root out bad actors who are violating CMS rules.  

It's been a long time since I've reported on any significant cybersecurity problems at any of the ACA exchanges. The last one I can think of off the top of my head was nearly a decade ago, and even that was about how some early flaws had been fixed.

Still, this story by Julie Appleby of KFF definitely isn't good news:

Unauthorized enrollment or plan-switching is emerging as a serious challenge for the ACA, also known as Obamacare. Brokers say the ease with which rogue agents can get into policyholder accounts in the 32 states served by the federal marketplace plays a major role in the problem, according to an investigation by KFF Health News.

Fire up the Wayback Machine, Peabody, and take us to September 2015:

AP's NEW " Security Flaws" story attacks problems FIXED UP TO A YEAR AGO.

Last night I posted what seemed, at first, to be a merely-amusing (if a bit depressing) story about a Florida news station website accidentally (?) reposting a year-old AP newswire story about potential security vulnerabilities at Healthcare.Gov:

"Critical" flaw found in security

WASHINGTON -- The government's own watchdogs tried to hack into earlier this year and found what they termed a critical vulnerability - but also came away with respect for some of the health insurance site's security features.

Those are among the conclusions of a report released Tuesday by the Health and Human Services Department inspector general, who focuses on health care fraud.

The official tally of QHP selections nationally during the 2015 Open Enrollment Period (from 11/15/14 - 2/22/15) was 11,688,074 people.

The actual number of people still enrolled in effectuated plans (i.e., active) as of March 31, 2015, according to the HHS Dept., was 10,187,197 people. That's a net reduction of exactly 1,500,877.

On the surface, that may look bad, but bear in mind that with a 90% payment rate (which I suspect is actually pretty close to the non-ACA industry standard, and which is about 2 points better than last year), that means only about 10.5 million of the original enrollees would have been expected to actually be enrolled in March anyway. That leaves another 332,000 people who presumably paid up for January, February and/or March, but had dropped their policies by the end of March.