Vermont reports privacy violation on health care exchange

Summary: A single consumer received a copy of his application from an unknown third party.


Vermont state officials have confirmed a privacy breach on the state's health care exchange web site.


The exchange, named Vermont Health Connect, offers a health care insurance market under the federal Affordable Care Act.

According to a report filed with the federal Centers for Medicare and Medicaid Services (CMS) by state officials, on October 17 a consumer who had signed up on the web site received a copy of his application in the mail. On the back of the application was a handwritten note: "VERMONT HEALTH CONNECT IS NOT A SECURE WEBSITE!"

The Associated Press obtained the report, which did not name the consumer, after a request under the state public records law to the Department of Vermont Health Access.

There is no indication in any information released so far how the breach was accomplished.

Topics: Security, Government US



1 comment
  • Hope and change, hope they change...

    Is anyone really surprised?

    Having written code to handle moderate amounts of web traffic, I can tell you that session management is of particular importance. So when that Colorado man's dog was offered a health insurance plan it seems interesting that somehow, on the back end, form field data for one of the security questions was inexplicably switched with another field.

    I've seen it, for example using non-thread-safe development environments, sessions get crossed. I have tested session security and managed to spoof sessions. This looks like poor session management, untrustworthy trusted connections, you name it.

    This is likely just the tip of the iceberg. If this were a GOP-backed website, a Wall Street firm, a big insurance company, the WH and Democrats would be all over it. But because this is related to the ACA it's no biggie, just some of the bugs and hiccups that are being worked out.

    Three years, 500 million lines of code, and hundreds of millions of dollars in sum total and this is all that Government can produce. Pathetic.