• State confirms health data security breach
    The Associated Press | November 23,2013
    • Email Article
    •  Print Article

    File Photo Mark Larson is commissioner of the Department of Vermont Health Access. He said a security breach confirmed Friday on the state's health exchange website was the only one of its kind.
    MONTPELIER — Officials overseeing the Vermont Health Connect website confirmed Friday there was a security breach on the system last month in which one user got improper access to another user’s Social Security number and other data.

    A report from state to federal officials overseeing the health insurance exchanges set up under the Affordable Care Act said a consumer reported the incident with the Vermont Health Connect website Oct. 17.

    The consumer, whom officials would not identify, reported that he received in the mail — from an unnamed sender — a copy of his own application for insurance under the state exchange.

    “On the back of the envelope was hand-written ‘VERMONT HEALTH CONNECT IS NOT A SECURE WEBSITE!’ This was also (written) on the back of the last page of the printed out application,” said the incident report.

    The report was prepared by Greg Needle, privacy administrator with Vermont Health Connect, and filed with the federal Centers for Medicare and Medicaid Services, known as CMS. The Associated Press obtained it after a request under the state public records law to the Department of Vermont Health Access.

    The report did not identify the individual consumers involved in the breach.

    Mark Larson, commissioner of the Department of Vermont Health Access, said the incident described in the report was the only one of its kind since Vermont Health Connect launched Oct. 1. He said technical changes had been made in the way the system handles user names and passwords.

    “This was one case, and it was responded to appropriately,” Larson said, adding that the department’s main concern is data security and making sure the “unique circumstances” that led to the breach cannot be replicated today.

    During a meeting of the House Health Care Committee on Nov. 5, Rep. Mary Morrissey, R-Bennington, asked Larson to comment on information she had received about a security breach or breaches on the system. Larson said his department had investigated one such complaint and it had proven unfounded.

    Morrissey said Friday she was disturbed to hear now that the department had reported a breach to CMS more than two weeks earlier.

    Security breaches have been a concern nationally as federal and state exchanges have set up around the country. No major breaches have been reported, although in one publicized case the personal information of a South Carolina man was delivered to a website user who lives in North Carolina.
    • Email Article
    •  Print Article
    MORE IN Vermont News
    SUNDERLAND — Holding a sandwich bag containing a squirming, Eastern red-spotted newt, Evan Grant... Full Story
    Saving salamanders: Searching for signs of a deadly fungus
    The Vermont Agency of Transportation has decided to yank a new seat belt safety ad from the... Full Story
    State pulls seat belt safety ad
    “Vermont is still at the bottom of the barrel when it comes to state support for higher education. Full Story
    More Articles