Maryland Obamacare Exchange Exposed 600K Customers’ Personal Data To ID Theft

Maryland Obamacare health insurance exchange officials risked patient information, violated open-meetings laws, awarded unjustified sole-source contracts and missed getting $199,000 after failing to submit federal reimbursement requests on time, according to the state’s Office of Legislative Audits.

Maryland’s auditor found the Maryland Health Benefits Exchange “stored personally identifiable information and federal tax information” for nearly 600,000 people without encrypting it, leaving full names, Social Security numbers and addresses susceptible to identity theft, the OLA report said. Officials also allowed “excessive” administrative access to the network, further risking the system’s integrity.

Exchange officials unjustifiably awarded two sole-source contracts worth a combined $5.9, and took nearly three years to request federal reimbursement for some expenses, meaning the state missed the reimbursement deadline and spent $199,000 unnecessarily.