Security and compliance shortcomings have taken Vermont’s state-run health insurance marketplace offline according to local officials. The health insurance exchange is apparently in need of a few security patches in order to strengthen its defenses against an attack, although no attack has officially taken place yet, according to state officials.
Vermont’s health exchange, like others, has had a rash of IT troubles as contractors tasked with building the marketplaces failed to deliver. The state has an agreement with the Centers for Medicare and Medicaid Services about addressing security risks, but failed to meet the deadlines for security compliance included in the agreement.
The site was taken offline on Monday, and could be down for several weeks according to the VTDigger.
Vermont’s exchange was originally serviced by CGI Federal, but has been subsequently dropped from the task as it was dropped from Massachusetts health insurance marketplace and the federal healthcare.gov website. Optum, a group with ties to UnitedHealth is now consulting for Vermont on the security issues.
CMS is also sending its own people to be on the ground in Vermont through the website update process.
CGI was supposed to address security risks through a regular security audit process but failed to do so by agreed upon deadlines. The company has been paid $67 million out of an $84 million contract. The state is considering its options for recouping more of that money based on a failure to service the contract.
CGI failed to return a request for comment about its track record at press time. The accountability-free government contracting train rolls on.