MNsure security breach shows need for oversight, expert says

5:26 PM, Sep 13, 2013   |    comments
  • Share
  • Print
  • - A A A +

MINNEAPOLIS -- State lawmakers are calling for a meeting to learn more about a security breach at the state's new online health insurance exchange.

In a statement, MNsure officials confirmed that a MNsure employee "inadvertently sent a document containing the private information of 2,400 agents/brokers" to an Apple Valley insurance broker's office.

The affected agents and brokers had provided their names, addresses and social security numbers as part of their application for certification with MNsure -- that private information was included in the errant email.

MNsure officials said they "acted immediately upon learning" what had happened by helping the Apple Valley workers to delete the data. MNsure also plans to conduct a thorough investigation, and they're contacting all the affected agents and brokers.

Meantime, Professor Steve Parente with the University of Minnesota said this latest breach is exactly why the new health care program needs oversight -- on both the state and federal levels.

"I think the mistake is an honest mistake, and it's probably driven in part by just this rush to get everything to go, to get everybody to sign up (by the Oct. 1 deadline)," Parente said.

As the Director of the Medical Industry Leadership Institute at the U of M, Parente also testified this week on Capitol Hill about the potential security dangers of the federal "hub" connected to the health care system.

"It's literally the largest IT project that anyone's ever attempted, and it should have at least an executive summary or some report out there from an external body saying this thing is bullet proof. And it should come out every year," Parente said.

Meantime, Gov. Mark Dayton defended the program, saying "human error" happens and this lapse shouldn't detract from an otherwise strong program.

"The breach of privacy was a serious violation of their protocol and procedures and they'll learn from that and make them even stronger in the days following," Dayton said.

"I think the fact that they found it immediately, acted on it immediately and responsibly, corrected it, eliminated the threat of circulation, doesn't absolve them of the responsibility of the error, but the next best thing to not making a mistake, is making a mistake, catching it right away and correcting it," he said.

A state committee dedicated to the legislative oversight of MNsure plans to talk about the security breach at a meeting on Sept. 24 at 9 a.m.

(Copyright 2013 by KARE. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.)

Most Watched Videos