Great news: Covered California exposed hundreds of customers’ SSNs

Great news: Covered California exposed hundreds of customers’ SSNs

Covered California jeopardized the personal-identification information of at least 378 Obamacare enrollees, according to records reviewed by National Review Online. In most of these instances, navigators sent consumers’ confidential data to Covered California representatives using an “email [that] was not encrypted or otherwise secure,” violation notices stated — a direct violation of the health exchange’s policy.

Dana Howard, a spokesman for the health exchange, says “there is no indication [that consumers’ personal-identification information] was compromised,” adding that these violations constitute “a very minimal risk.” But cyber-security experts contacted by NRO expressed significant concerns. …

[T]hough the personal data sent through unencrypted e-mail varied by incident, information sent insecurely included driver’s-license numbers, immigration-document numbers, household income, employment information, health conditions, home addresses and phone numbers, birth dates, eye and hair color, and weight, to name a few examples.

Michael Gregg, a cyber-security expert who has testified before Congress about risks at Healthcare.gov, tells NRO that personal information should never be sent unencrypted because there’s a risk of unauthorized access. “Would you write your Social Security number on a postcard and drop it off at the post office?” Gregg asked. “I wouldn’t. Think of e-mail as a postcard. Anything written on the back of a postcard can be read by anyone, e-mail is basically the same.” …

According to Covered California records, one navigator told a security consultant that she was conducting enrollments over the phone and receiving and transmitting paperwork by e-mail because she had no office for Covered California work.

Continue reading →


Commenting Policy

We have no tolerance for comments containing violence, racism, vulgarity, profanity, all caps, or discourteous behavior. Thank you for partnering with us to maintain a courteous and useful public environment where we can engage in reasonable discourse.

You may use HTML in your comments. Feel free to review the full list of allowed HTML here.