Man Who Discovered HealthCare.gov Privacy Breach Still Waiting for Help
Kelsey Lucas /
It’s been five days since Justin Hadley received a total stranger’s private information on HealthCare.gov, and despite claims from the U.S. Department of Health and Human Services, he’s still without answers.
On Sunday, Hadley could access the private eligibility information of Tom Dougall, a man in South Carolina who had also attempted signing up on HealthCare.gov. Furious, Hadley called the North Carolina Department of Health and Human Services, HHS Secretary Kathleen Sebelius, and HHS directly. He also filled out a contact form on the HHS website.
It wasn’t until Monday afternoon that Hadley received a call from an HHS representative. She left him a voicemail with directions on how to fix his “login problem,” never addressing the security breach he had contacted them about.
“The message said if I’m wanting information regarding logging into the system, I should call this number for help,” Hadley explained.
But Hadley wasn’t reaching out to HHS for login help and the number HHS directed him to was the same HealthCare.gov hotline he’d called all weekend.
“When I called this same number Sunday, the woman on the phone asked for all of my personal contact information and then hung up on me,” Hadley explained.
Desperate for help, he called the HealthCare.gov hotline as directed again Monday afternoon. This time, the woman on the phone said she couldn’t do anything and told Hadley he “will have to call Experian about this.”
Experian is a private, global credit report company. It offers credit reporting, credit score, credit monitoring, and identify theft protection services to individuals and businesses. So it was no surprise when Hadley called Experian to explain his problem that the representative on the phone couldn’t help.
“I told her what happened and she just laughed and said you have to call HHS,” Hadley said. At that point, he was getting nowhere and decided not to start the cycle again.
Meanwhile, HHS released a statement last night blaming the security breach on a “software code.”
“An incident involving the personal information of one consumer was reported to [the Centers for Medicare and Medicaid Services] and we took immediate steps to address the issue,” HHS spokesman Fabien Levy said. “We identified a piece of software code that needed to be fixed and that fix is now in place.”
But Hadley says his account still exists on HealthCare.gov, and while the links to download Dougall’s eligibility letter have been removed, he can still see the notices. (Screenshot below.) On the next page, he sees a new screen that only shows his user ID and security questions with answers he never chose.
“My security questions are right, but the answers are wrong,” Hadley explained. “What I entered into the system isn’t what I see now.”
Hadley has also contacted his U.S. senators, Kay Hagan (D-NC) and Richard Burr (R-NC), as well as Representative Howard Coble (R-NC). He has yet to hear back from any of them or speak to anyone who knows how to fix his problem. Meanwhile, his account is still active on HealthCare.gov.
“I just want my whole account completely removed from the system,” Hadley pleaded.
UPDATE: An earlier version of this post said Hadley received a call from HHS stating the government knew about his problem and that he emailed HHS. HHS has never addressed the security breach to him and he has only filled out contact forms on their website.