An investigation into this fall's data breach at MNsure concludes the release of social security numbers in an email was a mistake with no malicious intent. But the legislative auditor also cites decisions made at the insurance exchange that contributed to the accident.
As MPR reports, the Minnesota Office of the Legislative Auditor found no evidence that a MNsure employee intentionally included the social security numbers of more than 1,500 insurance brokers in the email. The auditor's report says once it happened, MNsure responded to the mistake appropriately.
The audit also concludes, though, that MNsure could have done more to prevent the disclosure of private data in the first place, the Associated Press reports.
The summary of the report by Legislative Auditor James Nobles concludes it was not necessary for MNsure to collect the social security numbers of its brokers. It also finds the agency did not assess the security risks of using email to collect them.
The Star Tribune notes the audit also took exception with a MNsure official calling the mistake "an HR issue" involving an employee who was subsequently fired. The report says that version of events overlooks significant decisions made by others at MNsure that contributed to what happened.
MNsure released numbers this week showing that about 11,000 Minnesotans have used its website to sign up for health insurance coverage since it opened for business on Oct.1.