Hackers have stolen data relating to 75,000 people who registered with Healthcare.gov, the Affordable Care Act website.

Those behind the hack did not hack the site directly but via the Federally Facilitated Exchanges portal used by healthcare insurance agents and brokers to enroll users into health plans made available through the official HealthCare.gov portal.

The Centers for Medicare & Medicaid Services, the government agency that manages the site, confirmed the hack, saying that it first occurred Oct. 13 and that the “anomalous activity” was detected Oct. 16. The data stolen was reported Sunday to include “names, addresses, social security numbers, and more.”

“The agent and broker accounts that were associated with the anomalous activity were deactivated, and — out of an abundance of caution — the Direct Enrollment pathway for agents and brokers was disabled,” the CMS said in a statement Friday. “We are working to address the issue, implement additional security measures, and restore the Direct Enrollment pathway for agents and brokers within the next 7 days.”

The hack does not affect enrollments to U.S. federally mandated healthcare, often dubbed “Obamacare,” but it does affect a small number of those enrolled.

How the hack occurred, such as its attack vector and whether it included unpatched servers or unprotected cloud instances, was not disclosed. The Federal Bureau of Investigation is said to be investigating the matter.

“At the Centers for Medicare & Medicaid Services, the safety and security of consumer information is our utmost priority,” the government body noted. “It is important to note that CMS is in the beginning stages of the assessment of this breach. This is an evolving situation and we will continue to provide additional information.”

Photo: Will O’Neill/Flickr