BizPacReview: First big Obamacare security breach reported
The Minneapolis Star Tribune reported Friday that MNsure, which will handle Minnesota’s health insurance exchange program for the Affordable Care Act, accidentally sent out more than 2,400 names, social security numbers and other sensitive information to an insurance broker.
When the security breach was discovered, MNsure phoned the broker, Jim Koester, to walk him and his assistant through the procedure for deleting the information from their database, the Star Tribune reported.
Koester told the Tribune he was shaken by the entire incident.
“The more I thought about it, the more troubled I was,” he said. “What if this had fallen into the wrong hands? It’s scary. If this is happening now, how can clients of MNsure be confident their data is safe?”
The Star Tribune reported:
Users of the exchange will need to provide sensitive information, including Social Security numbers, that will be sent to a federal hub to verify such things as citizenship and household income. This information will determine whether consumers using MNsure qualify for public health programs or tax credits that will lower the cost of premiums.
All states and the federal government, which also is setting up exchanges for some states, are scurrying to get the complex system running in less than three weeks.
Added to the exchanges are the “navigators,” who are being hired to help navigate health insurance consumers through the labyrinth called Obamacare. What happened in Minnesota was inadvertent. The navigator program is an epileptic with his hand hovering over the nuclear button. He’s going to hit it, and it’s going to go off — the only question is when.
Even though navigators will be privy to our most personal medical and financial information, the Obama administration will not require them to undergo any background checks, and they’ll be grossly undertrained, as Investors.com reported.
Investors.com also noted that each navigator will have an assistant, equally un-vetted and just as poorly trained, and will be privy to the same personal information.
Our of this very concern, “More than a dozen states have imposed licensing rules and limits on [navigators],” The Washington Post reported. Florida is one of those states that has done so.
Navigators operating in Florida, for example, must be fingerprinted and subjected to a background check — convicted felons need not apply. Furthermore, they can only assist licensed insurance agents unless they themselves are licensed to do so.
But that still leaves many other states whose citizens are unprotected.
This should concern everyone. The clock is ticking. The insurance exchanges are supposed to begin Oct. 1 — in two weeks — and the individual mandate is set to start January 1.
“The people who believe in this are so driven that there’s a subcontext of ‘Just let us do our job and get as many people signed up as possible, and we’ll pick up the debris later,’ ” said Steve Parente, a University of Minnesota finance professor who specializes in health IT issues.
If there’s still any doubt Obamacare is an example of “Ted Mack’s Amateur Hour,” the insurance broker who received the data by mistake has one final observation.
“The gorilla in the room is that they sent me something that’s not even encrypted,” Koester noted. “It’s unsecured, on an Excel spreadsheet — which is using outdated technology to transfer that information in the first place. They’ve got to realize they have a huge problem.”
It’s been said that the biggest lie ever told is, “I’m from the government, and I’m here to help you.” I can’t argue with that one.