Thread: Obamacare exchange leaks data of 2,400 unsuspecting customers

Obamacare exchange leaks data of 2,400 unsuspecting customers

8:59 PM 09/14/2013

An employee of Minnesota’s Obamacare exchange, MNsure, sent an unencrypted file to the wrong person and left 2,400 people’s private information at the mercy of a nearby insurance agent.

One exchange staffer’s simple mistake gave insurance broker Jim Koester access to an Excel document of Social Security numbers, names, addresses and other personal data for whole a list of insurance agents. Luckily for the 2,400, Koester was cooperative — and unnerved.

“The more I thought about it, the more troubled I was,” Koester told the Minnesota Star Tribune. “What if this had fallen into the wrong hands? It’s scary. If this is happening now, how can clients of MNsure be confident their data is safe?”

While MNsure officials called Koester and ensured the data was deleted from the insurance company’s hard drives, such an easy breach of confidentiality before the Obamacare exchanges have even gone live heighten the security concerns many have already raised about the law.
Obamacare’s Federal Services Data Hub has received heavy criticism for insufficient security and delayed testing. The data hub will centralize and route private information of every Obamacare participant through an endless list of federal and state agencies and related businesses, but lawmakers are worried about privacy as the deadline approaches.

Pennsylvania Republican Rep. Pat Meehan, who has been leading the charge to delay the data hub, criticized the security breach.

“Obamacare’s data hub hasn’t even gone live yet, and already there are massive data breaches,” Meehan said in statement. “What more has to happen to convince this administration that the data hub is not ready for prime time?”

Obamacare exchange officials aren’t the only agents that will have access to private consumer data in the data hub. Along with any federal or state officials working with Obamacare, program “navigators” will have access to consumer information in order to help them make decisions about what insurance plan is the right choice.

Navigators will only receive 20 hours of training before having access to consumer data, a policy which turned heads at a tense congressional hearing. Pennsylvania Republican Rep. Scott Perry pointed out, “It takes 1,250 hours to become a barber in Pennsylvania, but to navigate insurance, these folks are going to be advising us with 20 hours?”

The data sent in the Minnesota email did not have any increased cybersecurity efforts attached to it. “The gorilla in the room is that they sent me something that’s not even encrypted. It’s unsecured, on an Excel spreadsheet,” Koester told reporters. “They’ve got to realize they have a huge problem.”

The completion date for cybersecurity testing on the data hub has been delayed until September 30, the day before Obamacare exchanges open for business.

MNsure issued a statement maintaining that “MNsure has a data privacy policy in place, and this employee’s action was a violation of this policy.”

But Meehan was not convinced. “It’s time to delay the data hub, now,” the congressman concluded.

Follow Sarah on Twitter

Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact licensing@dailycallernewsfoundation.org.

Tags: MNSure, Obamacare, Pat Meehan


http://dailycaller.com/2013/09/14/ob...ing-customers/

One of those highly trainer navigators I would guess, yes folks we're in good hands with Obamacare.

Obamascare: Insurance Exchange Accidentally Sends 2,400 Social Security Numbers To Minnesota Man

October 4, 2013 by Ben Bullard

PHOTOS.COM

Critics of the Affordable Care Act have long contended that Obamacare asks too many personal questions of would-be enrollees and is rife with the potential for fraud, abuse and privacy breaches.
Now those criticisms have been proven correct. A Minnesota insurance broker told the Star Tribune last month that he had received a document in his email that contained a trove of confidential information on more than 2,400 insurance agents, including things like names, Social Security numbers and business addresses.
The source? An unnamed staffer at MNsure, Minnesota’s new Obamacare health exchange online marketplace. The MNsure employee had accidentally sent the email to the wrong person (although it begs the question — who’s the right person to receive that much info about that many people?).
The Star Tribune reported:

An official at MNsure, the state’s new online health insurance exchange, acknowledged it had mishandled private data. A MNsure security manager called the broker, Jim Koester, and walked him and his assistant through a process of deleting the file from their computer hard drives.
Koester said he willingly complied, but was unnerved.
“The more I thought about it, the more troubled I was,” he said. “What if this had fallen into the wrong hands? It’s scary. If this is happening now, how can clients of MNsure be confident their data is safe?”

Good thing the email landed in an honest guy’s inbox, huh?
Exchange enrollees throughout the Nation are required to provide a lot of personal data, which is run through a Federal database for verification and to sort out candidates who are eligible for Obamacare subsidies from those who aren’t eligible. As everyone by now knows, that information also must be passed along to Obamacare’s enforcement arm: the Internal Revenue Service.
The hurried rollout of Obamacare for individuals has a slap-shot quality of reckless haste that finance and healthcare experts had cautioned against in testimony before lawmakers.
University of Minnesota Finance Professor Steve Parente, who this week testified in Washington about the potential pitfalls associated with the needlessly urgent rollout schedule, told the newspaper it’s impossible to implement even basic security and functionality in a system as complex as the healthcare exchanges if the schedule is dictated by political motives.
“The people who believe in this are so driven that there’s a subcontext of ‘Just let us do our job and get as many people signed up as possible, and we’ll pick up the debris later,’” he said.

Filed Under: Conservative Politics, Liberty News, Staff Reports


http://personalliberty.com/2013/10/0...minnesota-man/