MNsure Parts Ways With Employee In Security Breach
ST. PAUL, Minn. (AP) — An employee of Minnesota's health insurance exchange no longer works there after releasing private information about insurance agents.
MNsure executive director April Todd-Malmlov told the agency's board of directors Friday that the employee violated internal policy by storing unencrypted personal information about Minnesota insurance agents on a computer desktop.
Todd-Malmlov said human resources requirements prevent her from revealing whether the employee was fired or transferred to another state agency.
Last week, the worker inadvertently emailed Social Security and drivers' license numbers to an insurance agent in Burnsville, prompting MNsure officials to quickly secure the information and alleviate concerns about privacy of personal information as they prepare to deliver health care to Minnesota residents under the federal overhaul.
The agency said the private information pertained to about 1,600 agents, not 2,400 as originally reported. A memo to board members said some of the names on an initial list were duplicates.
When the mistake came to light, MNsure security officials worked with the agent who received the email to make sure he deleted it permanently from his computer.
Todd-Malmlov said MNsure employees dealing with classified data received specific training and had to pass a test in order to get access to the data.
MNsure is now conducting what Todd-Malmlov described as a "unit by unit, workstation by workstation" review to make sure that all employees are following security policies and procedures. The agency will also seek an independent review to identify contributing factors and identify policies or procedures that could prevent similar incidents in the future.
MNsure board member Phil Norgaard said he was confident that what happened was "a human resources problem, not necessarily an IT problem."
Todd-Malmlov also stressed that none of the information accidentally released had been entered through MNsure's customer portal, which goes live Oct. 1.
Kathryn Duevel, another board member, said she wants the agency to take steps to make sure that prospective MNsure customers can be confident their personal information is safe when they enroll.
"We have to give people reassurances that they can feel comfortable applying for MNsure," Duevel said. "Because they're going to be understandably worried."
A legislative panel that oversees MNsure's operations is meeting Tuesday to further discuss concerns raised by the security breach.
(© Copyright 2013 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.)