GAO finds major vulnerabilities in 3 state exchange websites

Investigators at the Government Accountability Office (GAO) found notable vulnerabilities in the health insurance exchange websites of three states--California, Kentucky and Vermont--which could put hundreds of thousands of customers' personal information at risk, according to the Associated Press.

GAO discovered the security flaws in September and alerted state officials, the article says. The GAO believes that because it found so many vulnerabilities in just these three states, other exchanges could also be vulnerable. In addition, the agency has urged federal regulators to improve privacy controls for the federal exchange,

The report did not specify which state had which security flaw, but the AP said one state did not encrypt passwords, one state did not use any filters to block potential hostile website visits and one state did not use proper encryption. Kentucky's former governor, Steve Beshear, said that time restricted state officials from fixing problems the GAO identified with his state's exchange, but that no data breach ever occured.

Covered California Executive Director Peter Lee made a simliar point in a letter he sent to Congress in October, though he noted that in a few instances personal information may have been compromised due to human error or other mistakes, the article says. But Lee added that since the GAO report, state officials have put more focus on scanning the state's exchange to find any security threats.

"Protecting data is our highest priority," Lee wrote in his letter. "From day one, Covered California has followed the rigorous guidelines outlined in federal and state security regulations designed to protect our consumers' private information."

To learn more:
- read the AP article

Free Webinar

Take Control of Your Escalating Claim Costs through a Comprehensive Pre-payment Hospital Bill Review Solution

Today managing high dollar claim spend is more important than ever for Health Plans, TPAs, Employers, and Reinsurers, and can pose significant financial risks. How can these costs be managed without being a constant financial drain on your company resources? Our combination of the right people and the right technology provides an approach that ensures claims are paid right, the first time. Register Now!

Suggested Articles

A new Aetna pilot program aims to harness its parent company's pharmacy reach to help address members' social needs.

A three-way deal between UpHealth, Cloudbreak, and a blank check company has created a new public digital health company valued at $1.35 billion.

Operation Warp Speed plans to distribute 6.4 million doses of a COVID-19 vaccine 24 hours after it receives emergency approval, officials said.