Vermont Public is independent, community-supported media, serving Vermont with trusted, relevant and essential information. We share stories that bring people together, from every corner of our region. New to Vermont Public? Start here.

© 2024 Vermont Public | 365 Troy Ave. Colchester, VT 05446

Public Files:
WVTI · WOXM · WVBA · WVNK · WVTQ · WVTX
WVPR · WRVT · WOXR · WNCH · WVPA
WVPS · WVXR · WETK · WVTB · WVER
WVER-FM · WVLR-FM · WBTN-FM

For assistance accessing our public files, please contact hello@vermontpublic.org or call 802-655-9451.
Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations

The home for VPR's coverage of health and health industry issues affecting the state of Vermont.

Health Connect Security Flaws Were Fixed More Than A Year Ago, State Says

Vermont Health Connect screen shot
Cybersecurity vulnerabilities at Vermont Health Connect were identified and fixed in 2014, according to Lawrence Miller, the health care chief for the Shumlin Administration.

According to a federal report, Vermont is one of three states that have experienced security problems with their health care exchanges. But the Shumlin Administration says these problems were fixed more than a year ago.

The report was conducted by the Government Accountability Office and covers the period from October 2013 to March of 2015. It was released last month but the GAO study didn't include the names of the states that had flaws in their security software programs.

The states were identified this week after the Associated Press filed a Freedom of Information Act request. The three states are California, Kentucky and Vermont.

Lawrence Miller, the health care chief for the Shumlin Administration, says the vulnerabilities were identified and fixed in 2014.

“We identified all those risks and either remediated them – that is, fixed them – or managed them – that is, control them in other ways,” Miller says.

Miller notes that Vermont Health Connect changed vendors just after the timeframe of the GAO study, and he says all of the outstanding security issues were resolved at that time.

"This reflects a point in time long ago, and these issues are not present in the current system,” Miller says.

"This reflects a point in time long ago, and these issues are not present in the current system." - Lawrence Miller, health care chief

Lt. Governor Phil Scott, a longtime critic of Vermont Health Connect, says the breaches were just one of a series of ongoing problems with the exchange, and he favors moving to the federal system.

“It's obvious to me that the problems are too prevalent and they're not getting resolved,” Scott says. “So we need to restore the faith and trust of Vermonters and point us in a new direction." 

But Miller points out that the GAO study also found security problems with the federal exchange, and says there has never been a malicious security breach at Vermont Health Connect.

Bob Kinzel has been covering the Vermont Statehouse since 1981 — longer than any continuously serving member of the Legislature. With his wealth of institutional knowledge, he answers your questions on our series, "Ask Bob."
Latest Stories