Vermont confirmed that a security breach of the state’s health-care exchange Web site gave at least one user access to another resident’s Social Security number.
The Vermont Health Connect’s privacy watchdog reported the security breach in a letter to the federal Centers for Medicare & Medicaid Services, said AP.
Department of Vermont Health Access commissioner Mark Larson told the AP it was the only security breach to occur since the site launched Oct. 1. But he had told state legislators at a hearing on Nov. 5 that his department had only investigated one complaint about security breaches, and that the complaint was unfounded, AP said.
In a statement, Gov. Peter Shumlin (D) said he had been briefed on the security breach, which investigators said was neither intentional nor malicious. Shumlin criticized Larson for the misleading testimony.
“I take this incident extremely seriously. It is unacceptable to be anything less than fully cooperative and transparent with Vermonters and their elected representatives in the Legislature. I am tremendously disappointed in Commissioner Larson’s lapse of judgment in this matter,” Shumlin said in the AP report. “This incident was promptly identified and resolved, and I was disappointed to learn that Commissioner Larson did not adequately disclose the circumstances of it when asked about this topic in committee earlier this month.”