MNsure security breach up for committee review - KMSP-TV

MNsure security breach up for committee review

Posted: Updated:
Tim Blotz | FOX 9 News Tim Blotz | FOX 9 News
ST. PAUL, Minn. (KMSP) -

A legislative committee overseeing MNsure, Minnesota's new online health insurance exchange, was on the defense at a Tuesday hearing over a security breach.

The MNsure Legislative Oversight Committee met at the Capitol on Tuesday morning to discuss next steps after a former employee at the agency mistakably emailed a document containing the private information of 1,600 insurance agents -- including addresses, drivers license information and Social Security numbers.

MNsure executive director April Todd-Malmlov said that the breach was not related to the IT data system consumers will use to sign up for insurance, which she contends will be the most secure in the state. Instead, she said simple human error and a few strokes of a keyboard were the cause.

The former employee, who has not been identified, was storing the personal information on a computer desktop and it was not encrypted, MNsure officials said.

Todd-Malmlov also confirmed at the hearing that MNsure did not need the broker's Social Security data information that was disseminated.

Yet, the breach led to hard questions from skeptical lawmakers and brokers whose information was compromised.

"You know, one of my questions is: Why was this data stored on a desktop and why was it not encrypted -- and is it encrypted now?" Bill Haas, of Haas Managed Benefits, asked.

MNsure will now perform a workstation-by-workstation review of its computers.

Minnesota legislative auditor Jim Nobles told the Oversight Committee that he'll be conducting a complete IT audit of MNsure, and that a third-party analysis will also be completed. So far, Nobles' investigation has already interviewed the employee who sent the e-mail under oath -- but he said he has already determined that the state practices need a thorough review.

"This is still going on at MNsure and throughout state government every day -- the use of the e-mail system to transmit communication and possibly unsecured data," Nobles said. "We need to take a really hard look at that."

Chief IT officer Chris Buse said an independent review of 232 security controls within the MNsure online exchange shows it meets federal standards and, according to Buse, boasts the best model in the state.

"This is an HR issue that we've fixed and we've moved on," MNsure board chairman Brian Beutner said during the hearing.


Minnesota is launching an online health insurance marketplace in compliance with the Affordable Care Act that requires every citizen to carry health insurance starting Jan. 1, 2014.

Minnesotans can enroll Oct. 1, but Todd-Malmlov said the site will not go live if there's a "smoking gun" regarding a security risk to the website.

Learn more about MNsure:

Powered by WorldNow

11358 Viking Drive
Eden Prairie, MN 55344

Phone: (952) 944-9999
Fax: (952) 942-0455

Didn't find what you were looking for?
All content © Copyright 2000 - 2014 Fox Television Stations, Inc. and Worldnow. All Rights Reserved.
Privacy Policy | New Terms of Service What's new | Ad Choices