An investigation has discovered that the California, Vermont and Kentucky sites left personal data vulnerable.
In a recent investigation of state-run health insurance exchange websites, “significant cybersecurity weaknesses” were discovered in California, Vermont and Kentucky, according to federal officials.
These flaws in the websites may have left the personal information of residents of those states open to hackers.
The Government Accountability Office (GAO) discovered the vulnerabilities. This independent agency functions as a watchdog organization over Congress. The investigation it conducted looked into the health insurance exchange websites of the individual states from October 2013 through March 2015. Originally, the report left the names of the affected states anonymous, but the Associated Press (AP) was able to obtain them as a result of a request through the Freedom of Information Act.
The AP has since reported that state officials have been aware of the security issues in the health insurance sites.
In fact, according to the article printed by the AP, state officials have been aware of the security issue in those state run insurance exchange sites since last September. However, many of the security issues have yet to be fixed.
According to a California insurance exchange spokesperson, there has not been any evidence to suggest that hackers have managed to breach the site and access the personal data of the customers who have enrolled there. That said, the spokesperson did not go on to provide any explanation as to what is being done in order to repair the security vulnerabilities.
A spokesperson for the governor’s administration in Kentucky has stated that there are efforts underway in attempts to repair the problem, adding that those efforts are currently in “various stages of completion and development.” That being said, it’s interesting to point out that Kentucky intends to scrap its own insurance marketplace in favor of joining the Healthcare.gov site run by the federal government. It intends to be a part of that site starting in September.
In Vermont’s case, Lawrence Miller, the director of health reform, explained that since the GAO investigation, the health insurance exchange has been taken over by a new vendor and no longer contains the security flaw that was initially discovered.