Thursday, November 07, 2013

MN Office of the Legislative Auditor to MNSure: You were less than adequate

Before Minnesota's online health exchange (MNSure) went live last month, there was tremendous concern over its viability, specifically having to do with the protection of personal information. Those concerns were not exactly assuaged in mid September when a security breach occurred. A MNSure employee inadvertently sent an unsecured email to an insurance broker's office, which contained an Excel spreadsheet that listed Social Security numbers of 2,400 insurance agents. Thankfully the recipient of the email immediately notified MNSure officials who in turn assisted the broker's office in deleting the file from their hard drive.

One thing that stood out to me is the fact insurance agents had to provide their own Social Security numbers as part of the process to apply for credit navigator training. Certainly another unique (and much less sensitive) identifier could have been utilized.

Yesterday, the MN Office of the Legislative Auditor released its findings on the matter. You can read the summary at the link as well as the full report here.

Bottom line of the findings: it would appear that we've been supplied with a substandard product that was hastily brought to the public, with inadequate training of MNSure employees to boot. Of course, given this is a government project, there certainly won't be any refunds or price breaks for the inconvenience or substandard service. But you already knew that.


No comments: