An employee of Minnesota’s Obamacare exchange, MNsure, sent an unencrypted file to the wrong person and left 2,400 people’s private information at the mercy of a nearby insurance agent.
One exchange staffer’s simple mistake gave insurance broker Jim Koester access to an Excel document of Social Security numbers, names, addresses and other personal data for whole a list of insurance agents. Luckily for the 2,400, Koester was cooperative — and unnerved.
“The more I thought about it, the more troubled I was,” Koester told the Minnesota Star Tribune. “What if this had fallen into the wrong hands? It’s scary. If this is happening now, how can clients of MNsure be confident their data is safe?”
While MNsure officials called Koester and ensured the data was deleted from the insurance company’s hard drives, such an easy breach of confidentiality before the Obamacare exchanges have even gone live heighten the security concerns many have already raised about the law.
Obamacare’s Federal Services Data Hub has received heavy criticism for insufficient security and delayed testing. The data hub will centralize and route private information of every Obamacare participant through an endless list of federal and state agencies and related businesses, but lawmakers are worried about privacy as the deadline approaches.
Pennsylvania Republican Rep. Pat Meehan, who has been leading the charge to delay the data hub, criticized the security breach. “Obamacare’s data hub hasn’t even gone live yet, and already there are massive data breaches,” Meehan said in statement. “What more has to happen to convince this administration that the data hub is not ready for prime time?”
Obamacare exchange officials aren’t the only agents that will have access to private consumer data in the data hub. Along with any federal or state officials working with Obamacare, program “navigators” will have access to consumer information in order to help them make decisions about what insurance plan is the right choice.