A hacker broke into part of the HealthCare.gov insurance enrollment website in July and uploaded malicious software, according to federal officials.

Investigators found no evidence that consumers' personal data were taken or viewed during the breach, federal officials said. The hacker appears only to have gained access to a server used to test code for HealthCare.gov, the officials said.

The server was connected to more sensitive parts of the website that had better security protections, the officials said. That means it would have been possible, if difficult, for the intruder to move through the network and try to view more protected information, an official at the Department of Health and Human Services said. There is no indication that happened, and investigators suspect the hacker didn't intend to target a HealthCare.gov server.

The prospect nevertheless raised concerns among federal officials because of how easily the intruder gained access and how much damage could have occurred.

The HHS official said the attack appears to mark the first successful intrusion into the website, where millions of Americans bought insurance starting last year under the 2010 Affordable Care Act. The agency discovered the attack last week.