Vermont Health Connect has serious cybersecurity flaws, and federal regulators are not doing enough to make the state correct them in a timely manner.
Those were two conclusions of a U.S. Government Accountability Office review released in March. The watchdog report was focused on the federal HealthCare.gov website but included cybersecurity assessments of three states’ health insurance exchanges.
One of the states had vulnerabilities that could allow a hacker to get usernames and passwords for users. Another state exchange could allow a hacker to gain access to databases. The third state exchange has weaknesses that could compromise the “confidentiality or integrity of the system.”
Those three states are Vermont, Kentucky, and California, according to a spokesperson for the Government Accountability Office. But the study does not identify which states have which problems, and it originally released the names of the states to the Associated Press under a Freedom of Information Act request.
