The revelation that Connect for Health Colorado had numerous weaknesses and inadequate security systems to protect the personal information of its customers is not as surprising as the health exchange’s reaction when the failures were made public.
A federal inspector general released the report this week of an investigation they conducted in 2014 that exposed the vulnerabilities, and we’ve now been assured that our personal health information was never taken advantage of by identity thieves — that we know of.
We expected an apology from the exchange for their sloppy work, but instead what we got were excuses that the investigation was old news, to them, anyway.
The federal visit occurred “a year and a month after we opened for business,” Connect for Health Colorado spokesman Luke Clarke said. “We have implemented all the changes they suggested in the report. None of our customer information was compromised, ever.”
Really? So when was the health exchange going to let their customers know that their personal information was vulnerable for more than a year before the IG told them to clean up their act?
It’s not the crime, it’s the cover-up that causes damage to careers and erodes the public trust, so goes the political adage.
In this case, Connect for Health did not destroy the public trust, because they’ve never had it the first place. Lack of trust is about the only record they haven’t managed to tarnish.