Surprise: Officials confirm security breach on Vermont’s Obamacare exchange
posted at 4:16 pm on November 25, 2013 by Guy Benson
Democrats run the show in liberal Vermont, where the state government has set up a foundering and costly Obamacare exchange — free from the pervasive and insidious threat of “Republican obstructionism.” Nothing to see here, Vermont residents:
Officials overseeing the Vermont Health Connect website confirmed Friday there was a security breach on the system last month in which one user got improper access to another user’s Social Security number and other data. A report from state to federal officials overseeing the health insurance exchanges set up under the Affordable Care Act said a consumer reported the incident with the Vermont Health Connect website on Oct. 17. The consumer, whom officials would not identify, reported that he received in the mail — from an unnamed sender — a copy of his own application for insurance under the state exchange. “On the back of the envelope was hand-written ‘VERMONT HEALTH CONNECT IS NOT A SECURE WEBSITE!’ This was also (written) on the back of the last page of the printed out application,” said the incident report. The report was prepared by Greg Needle, privacy administrator with Vermont Health Connect, and filed with the federal Centers for Medicare and Medicaid Services. The Associated Press obtained it after a request under the state public records law to the Department of Vermont Health Access. The report did not identify the individual consumers involved in the breach.
Vermont’s Obamacare chief has assured citizens that this error was isolated and has been “responded to appropriately.” So we’re all good. Thus far, news stories on Obamacare data security breaches have involved honest citizens and IT specialists probing for weaknesses. Might there be other characters out there exploiting unknown vulnerabilities for more nefarious purposes? Not to worry; Kathleen Sebelius “feels like” the websites are secure, even as security experts urge the administration to take Healthcare.gov off-line until safeguards are enhanced. And why wouldn’t people trust her casual assessment over the urgent warnings of people whose expertise lies in the realm of online security? Suck it up and carry on, folks. It’s not like the navigators handling your private data might be convicted felons, or anything.
Recently in the Green Room: