x
Breaking News
More () »

Audit finds security breaches from Connecticut Health Insurance Exchange not reported

The incidents, one of which impacted 1,100 people, happened from 2017 to 2021
Credit: FOX61
Access Health CT

HARTFORD, Conn. — The Connecticut Health Insurance Exchange failed to report to state regulators at least 44 incidents in which clients’ personally identifiable information was breached including one incident that impacted more than 1,000 people, the state’s auditors revealed in a new report.

The Auditors of Public Accounts regularly audits state agencies. The report, issued Tuesday, found 44 breaches of client data from July 2017 through March 2021. One of those incidents involved one phishing scam which affected 1,100 clients.

The report said one of the Exchange’s contractors accounted for 34 of the breaches. Five other entities were responsible for the remaining ten breaches.

State law requires that all quasi-public agencies promptly notify the Auditors of Public Accounts and the State Comptroller of any breach of security. The Exchange, which operates Access Health CT, did not do that in these cases, auditors said.

Sign up for the FOX61 newsletters: Morning Forecast, Morning Headlines, Evening Headlines

In addition to increasing the chance of identity theft for the individuals who had their data compromised, the auditors said the state was forced to pay for two-year security monitoring for clients who experienced a breach.

In the report, the Exchange said they monitor "vendor compliance with security requirements and is implementing additional protocols to monitor compliance and improve vendor security practices. The Exchange requires any vendor causing a breach to cover the cost of two years of security monitoring for clients who experienced a breach."

In a statement to FOX61, Access Health CT said it is committed to "protecting the security of the consumer information used in its operations."

"In a recent audit, it was identified that 44 breaches that were reported to HHS and the Connecticut AG were not filed with the Auditors and Comptroller," the statement said. "Access Health CT (AHCT) immediately filed copies of the reports previously filed with the AG and HHS with the Auditors and Comptroller to correct the error."

The statement continued: "Additionally, AHCT has continually worked with its vendors, including its call center vendor, as well as scanning and document processing vendors and mailing vendors to create policies and procedures to maintain the security of PII and Protected Health Information (PHI). AHCT also has policies and procedures in place for its own employees, conducts annual privacy and security training for employees and contractors and requires vendors to train their staff and comply with all AHCT requirements."

RELATED: Former health exchange CEO pays $5,000 state ethics penalty

Other items in the report took the agency to task for how it awarded some contracts to a sole source. Auditors also said the Exchange did not comply with other state purchasing policies that require purchase orders to be approved before services are received.

“The Exchange has refined its purchasing processes to ensure compliance with purchasing policies and procedures, and has implemented the use of a new requisition system to prevent irregularities or noncompliance," said the agency's response in the report. 

RELATED: State audit critical of payroll practices at UConn Health, finds inconsistencies

Auditors also said the Exchange also failed to submit annual and quarterly reports to the governor's office. The agency blamed staffing issues and said the reports have been properly submitted since December 2020. 

Doug Stewart is a digital content producer at FOX61 News. He can be reached at dstewart@fox61.com.

---

Have a story idea or something on your mind you want to share? We want to hear from you! Email us at newsteam@fox61.com

HERE ARE MORE WAYS TO GET FOX61 NEWS

Download the FOX61 News APP

iTunes: Click here to download

Google Play: Click here to download

Stream Live on ROKU: Add the channel from the ROKU store or by searching FOX61.

 

Before You Leave, Check This Out