HIX failed to report dozens of breaches, audit finds

A recent audit found that the Connecticut health insurance exchange, Access Health CT, failed to report dozens of data breaches between July 2017 and March 2021. The exchange did not take sufficient actions to ensure client data security, putting individuals at risk of identity theft and fraud. The exchange experienced 44 breaches, with 34 coming from a single contractor, and only reported them to the Attorney General, not other required agencies. The exchange stated that it is implementing additional security protocols and requiring vendors to cover the cost of security monitoring for affected clients.