Hackers successfully broke into HealthCare.gov in July, but no consumer information was taken from the beleaguered Obamacare website that serves more than 5 million Americans, the Obama administration disclosed Thursday.
But the hackers installed malicious software that could have been used to attack other websites from the federal insurance portal.
HealthCare.gov serves 36 states, though more could be added when open enrollment begins Nov. 15. The remaining states run their own insurance exchanges.
"Today, we briefed key congressional staff about an intrusion on a test server that supports HealthCare.gov," said Aaron Albright, a spokesman for the Department of Health and Human Services.
"Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency; and the website was not specifically targeted.
"We have taken measures to further strengthen security," Albright said.
The initial hacking occurred on July 8, but was not detected until Monday of last week during a manual scan of system logs, Albright said. HHS said the server that was breached did not have a firewall, or intrusion detection software, installed on it.
Technicians manually scanning logs discovered the breach Aug. 25 and took action, he said.
The scope of the attack was limited to one server, Albright said. No evidence existed that an attack was subsequently launched from there, he said.
News of the breach came as House Oversight and Government Reform Chairman Darrell Issa said that Marilyn Tavenner, head of the Centers for Medicare and Medicaid Services, had to testify before the panel by Sept. 18 on the continuing problems with the website.
"Considering this administration launched HealthCare.gov over the objections of CMS, it's unsurprising that the website has suffered a 'malicious attack,'" Issa said. "For nearly a year, the administration has dismissed concerns about the security of HealthCare.gov, even as it obstructed congressional oversight of the issue.
"The committee will continue to push for answers from the administration," Issa said.
HealthCare.gov has been besieged with problems since it went live last Oct. 1 with the Obamacare individual mandate. It has been taken down numerous times to repair glitches and other technical issues — and millions of Americans have faced delays in obtaining coverage because they could not access or maneuver the site.
Many congressional Republicans continue to question whether HealthCare.gov is hacker-proof, and the administration's own technical experts said security testing could not be completed because the site was experiencing so many last-minute changes.
HealthCare.gov eventually passed security certification.
"Sadly, the news that HealthCare.gov has been hacked does not come as a surprise," said Rep. Joe Pitts, a Pennsylvania Republican who chairs a panel that held hearings last year on the website's problems.
Tennessee Rep. Diane Black charged that "IT experts have long warned about the lack of security built into the federal Obamacare website. The vast amount of personal information that Americans are required to put into this site is an open invitation for hackers."
"That is why designing a secure website should have been a top priority for this administration.
"Worse, while HHS says that this time there was no sensitive personal information that was compromised, due to negligence on the part of the administration and the Democrat-led Senate, they would be under no obligation to disclose if sensitive personal information were breached," Black added. "This is unacceptable."
HHS says it does not appear the site was specifically targeted. Rather, the hackers seemed to have been probing numerous government and private websites for potential weaknesses.
The department's inspector general is coordinating with other law enforcement agencies to investigate.
The Associated Press contributed to this report.
© 2015 Newsmax. All rights reserved.