The HealthCare.gov website was hacked by cybercriminals, but no data was taken, according to the Obama Administration when it informed Congress. The incident was simply described as "an intrusion on a test server" related to HealthCare.gov. The security breach took place in July and wasn't discovered until late August.
It seems the test server was using a default password that was never changed - and shouldn't have been connected to the Internet in the first place. To make matters even worse, regularly scheduled security scans never occurred as they should have by administrators. The Department of Homeland Security (DHS) and other federal investigators are now trying to determine who is responsible.
"Our review indicates that the server did not contain consumer personal information, data was not transmitted outside the agency and the website was not specifically targeted," said Aaron Albright, Centers for Medicare and Medicaid Services spokesperson. "We have taken measures to further strengthen security."