The alarming frequency of data breaches among health insurers has led some to wonder whether a massive data warehouse of Healthcare.gov customers' personal information is vulnerable to a cyberattack, the Associated Press reports.
The Multidimensional Insurance Data Analytics System (MIDAS) is a "perpetual central repository for capturing, aggregating and analyzing information on health insurance coverage," according to a fact sheet from the federal IT Dashboard program.
MIDAS stores data that includes names, Social Security numbers, birthdates, addresses, phone numbers, passport numbers, employment status and financial accounts of people covered under the Affordable Care Act, the AP notes.
Though the National Archives recommended that the government store the data for no longer than 10 years, the Obama administration told the AP that it has not yet decided how long it will keep the data.
At least two prominent Republicans have criticized the administration's treatment of the data, according to the article. Sen. Orrin Hatch (R-Utah) called the practice "careless," and former Social Security Commissioner Michael Astrue said that while the government may need to keep the data on hand for "a reasonable period," there is no justification to store it indefinitely.
It's also a major concern that the Healthcare.gov website doesn't alert customers that the government routs their data to MIDAS, Michelle De Mooy, deputy director for consumer privacy at the Center for Democracy & Technology, told the AP.
And it's not just MIDAS--a report from the Government Accountability Office last September said the launch of the Healthcare.gov site left it open to a security breach.
Data security is an increasingly hot topic in the healthcare industry thanks to a series of high-profile breaches. An attack on major health insurer Anthem in February compromised the personal information of more than 80 million people, followed by a hack of Premera Blue Cross in March that affected 11 million customers and a CareFirst BlueCross BlueShield breach that affected 1.1 million.
The costs of such breaches has risen 23 percent since 2013, FierceHealthIT reported, and Anthem may face damage-control costs of more than $100 million.