Subcontractor error exposed Vermont Health Connect customers’ SSNs
A security lapse earlier this summer has jeopardized the Social Security information of nearly 700 users of Vermont’s online health insurance marketplace.
Vermont Public Radio reports officials learned of the security breach when one Vermont Health Connect customer found her name and Social Security number on an online document while conducting an internet search.
WEX Health was hired by the state to perform payment processing for the insurance exchange.
Vermont Department of Health Access communications director Sean Sheehan says Samanage, a company hired by WEX, was responsible for the mishandling of customers’ personal information.
Read more on WCAX.
The following is a portion of WEX Health’s notification letter, a copy of which was uploaded to the Vermont Attorney General’s site:
We are writing to inform you of a potential compromise of your personal information, namely your name and Social Security number (“Personal Information”).
Just recently, we were informed by Samanage Ltd., our subcontractor, that a data file containing your Personal Information inadvertently may have become accessible in an unauthorized manner. Samanage provides information technology support functions under a contract to us. We are a service provider for the State of Vermont. From the information provided to us by Samanage, this data file may have been accessible between June 2, 2016 and July 27, 2016. Samanage disabled direct Internet access to the data file containing your Personal Information on July 27, 2016, preventing unauthorized access. Let us emphasize that we currently are not aware of any actual unauthorized access, misuse, or misappropriation of your Personal Information. However, we are providing this notice so that you can take appropriate precautions.