« Disaster Recovery

Minnesota health insurance exchange mistakenly causes data breach

Health insurance exchange providers need to be wary of potential data breaches because they have a lot of sensitive material in their files.
Health insurance exchange providers need to be wary of potential data breaches because they have a lot of sensitive material in their files.

Data breaches have become more common in recent years because more work-related tasks are completed on the computer. Oftentimes, many companies are not doing enough to protect themselves from information theft. Even larger enterprises like the New York Times can be a victim of these situations. 

Recently, an employee at MNsure, a Minnesota-based health insurance exchange provider, accidently forwarded confidential information of 2,400 insurance agents. Information like Social Security numbers, business addresses and identification numbers were included in the email, according to the Star Tribune.

Jim Koester, the individual who received the file of people's private information, was inquiring about the steps to become a health insurance navigator. This position helps uninsured Americans apply for these health exchange programs. However, Koester received an attachment that did not contain such instructions. It wasn't long before the MNsure employee notified Koester and worked with him to delete the file. 

The staffer at MNsure walked Koester, the broker at Apple Valley Insurance, through the steps to completely wipe the file from the hard drive. Even though Koester complied with the employee's request, he felt very unsettled by the situation.

"She was very serious," Koester told the news source. "But the gorilla in the room is that they sent me something that's not even encrypted. It's unsecured, on an Excel spreadsheet — which is using outdated technology to transfer that information in the first place."

Despite MNsure's swift reaction, the health insurance exchange provider will still undergo a thorough investigation because the practice has "a data privacy policy in place, and this employee's action was a violation of this policy," an MNsure official noted.

Minnesota Legislative auditor Jim Nobles confirmed that the breach was caused by human error, according to iHealth Beat. Even though the organization already knew that, Nobles doesn't understand why the email included the attachment.

 Preventing accidental and intentional data breaches

What happened at MNsure could happen anywhere in the United States. Millions of Americans who hope to enroll in the federal exchange in the near future will have to provide information like their Social Security number to verify their citizenship and household income.

Providers could benefit from disaster recovery planning, so they can ensure a quick recovery process should any data breaches occur. Any entity, including third-party vendors, could inadvertently expose patient information and get slapped with fines. Business continuity consultants who specialize in disaster recovery can help businesses bounce back from these data breaches and reassure patients.