BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Obamacare Employee Accidentally Sends Out 2, 400 Social Security Numbers

From: blitz <blitz () strikenet kicks-ass net>
Date: Sun, 15 Sep 2013 15:44:26 -0400




 

The Obamacare Hub -Transfer of Data and Dollars
<http://www.freedomworks.org/files/TheObamacareHub.pdf>


==========================================================

http://www.weeklystandard.com/blogs/obamacare-employee-accidentally-sends-out-2400-social-security-numbers_753991.html


  Obamacare Employee Accidentally Sends Out 2,400 Social Security Numbers

9:05 AM, Sep 14, 2013 . By JEFFREY H. ANDERSON
<http://www.weeklystandard.com/author/jeffrey-h.-anderson%0A%20>

 

With Obamacare's massive Patient Data Hub poised to open soon
<http://www.washingtonpost.com/national/health-science/obamacares-data-hub/2013/09/10/d1640cb4-1a46-11e3-a628-7e6dde8f889d_story.html>,
a sloppy mistake by an Obamacare employee hasn't exactly inspired
confidence that Americans' private information will be closely guarded
by Obamacare's powers-that-be.  As the /Minneapolis Star Tribune/
reports (and Andrew Johnson highlights
<http://nationalreview.com/corner/358469/minn-obamacare-exchange-employee-e-mails-thousands-social-security-numbers-andrew>
at NRO), an Obamacare exchange employee in Minnesota accidentally sent
out an email containing 2,400 Americans' Social Security numbers. 

The /Sta r Tribune/ writes <http://www.startribune.com/>:

"A MNsure employee accidentally sent an e-mail file to an Apple Valley
insurance broker's office on Thursday that contained Social Security
numbers, names, business addresses and other identifying information on
more than 2,400 insurance agents.

"An official at MNsure, the state's new online health insurance
exchange, acknowledged it had mishandled private data. A MNsure security
manager called the broker, Jim Koester, and walked him and his assistant
through a process of deleting the file from their computer hard drives.

"Koester said he willingly complied, but was unnerved.

"'The more I thought about it, the more troubled I was,' he said. 'What
if this had fallen into the wrong hands? It's scary. If this is
happening now, how can clients of MNsure be confident their data is safe?'"

"Users of the exchange will need to provide sensitive information,
including Social Security numbers, that will be sent to a federal hub to
verify such things as citizenship and household income....

"All states and the federal government, which also is setting up
exchanges for some states, are scurrying to get the complex system
running in less than three weeks.

"'The people who believe in this are so driven that there? 7;s a
subcontext of "Just let us do our job and get as many people signed up
as possible, and we'll pick up the debris later,"' said Steve Parente, a
University of Minnesota finance professor who specializes in health IT
issues.

"Parente testified on Capitol Hill earlier this week, urging caution in
pushing the federal hub online before it has been thoroughly tested.

The /Star Tribune/ reports that the recipient of the mishandled privacy
data was applying to become an Obamacare "navigator"

"Koester, the agent, had been working with MNsure staff because he was
having trouble registering for classes to get trained as a certified
'navigator' to help people sign up for coverage.

"Koester said there had been some back-and-forth with a MNsure staffer
when he received an e-mail and attachment that took him by surprise:
page after page of names, business addresses, license numbers and Social
Security numbers.

..."'[T]he gorilla in the room is that they sent me something that's not
even encrypted. It's unsecured, on an Excel spreadsheet --- which is
using outdated technology to transfer that information in the first place.'

"'They've got to realize they have a huge problem.'"

Here's a helpful diagram
<http://www.freedomworks.org/files/TheObamacareHub%0A%20.pdf> of how
Obamacare's Patient Data Hub would operate, courtesy of FreedomWorks. 
Maybe it's time to delay Obamacare---before repealing it in 2017.



__._,_.___

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Previous By Date Next
Previous By Thread Next

Current thread: