MNsure officials are forced to explain a data breach at the Capitol

25 September 2013

ST. PAUL, Minn. – A terminated MNsure employee who was blamed for a data security breach lead to the grilling of officials who sat before the Legislature’s Oversight Committee on Tuesday morning.

An employee described by The Associated Press as a “broker-coordinator” with a starting salary of $62,000 a year was terminated on Friday.

The AP reported Tuesday afternoon that the person, who released private data on 1,600 insurance agents, was not given another job in the state after leaving MNsure. April Todd-Mamlov, MNsure Executive Director, told the committee that she was not allowed to say more than the person was no longer at MNsure.

Committee members were focused on the data breach, which lasted just 27 minutes.

“The Social Security data that was collected from agents and brokers, was that even needed?” asked Rep. Joe Atkins, a Democrat from Inver Grove Heights.

Mamlov admitted that it was not needed.

Atkins added, “I expect to introduce legislation that says you cannot get agents’ and brokers’ social security numbers and license numbers. Would you have any objection to that?”

“I would not,” replied Mamlov.

“People are very unsure about MNsure,” said Rep. Joe Hoppe, a Republican from Chaska. “We have spent $100 million and people are nervous about this. People are nervous about their data.”

Minnesota Data Information Security Chief Christopher Buse told committee members that MNsure’s security system is “state of the art.” Mamlov insisted that the security breach issue was not a system problem, but a violation of policy by one individual.

Buse said an independent company is analyzing the MNsure security and found only minor or moderate security issues that were being corrected. There were no “smoking gun” issues.

“Have any of those yielded any smoking guns that would prevent you from going live on Oct. 1?” asked Sen. Tony Laurey, a Democrat from Kerrick.

“We still have some final security work to do, looking at that final walk through, making sure that all the ducks are in a row for this system,” said Buse. “At this point, we do not see a lot of show-stopper issues from a security perspective. There are things that we are working on, but until the final review is done, I am reluctant to give an answer that we are good to go at this point.”

In the hallway outside the hearing room, Mamlov told reporters that MNsure is planning to go online on Oct. 1, as planned.

“(The MNsure security) is the most secure system in all of state government,” said Mamlov. “And that is as secure as what people have used in the private sector.”

Article Sourced From: http://www.kare11.com/news/article/1040230/396/MNsure-officials-explain-data-breach-at-Capitol