State auditors say the Connecticut health insurance exchange, Access Health Connecticut, failed to report 44 breaches of client personal information between 2017 and last year.
Most of those incidents — 34 — were connected to a single contractor, which the auditors did not name. One phishing scam affected the information of more than 1,000 people. The audit also said the exchange didn’t do enough “to ensure the confidentiality, integrity, and security of client data when one of its contractors incurred 34 of those breaches.” The effect of the breaches was risk of identity theft, medical insurance abuse and financial fraud, the audit said.
In response, the exchange told auditors that it is working with outside companies to improve data security. It also said it wasn’t aware that it was required to notify state officials of the breach.
“The Exchange complies with statutory reporting requirements, and will comply with additional reporting requirements,” it told auditors.
