
Healthcare.gov is rated as less secure than over half of websites, is exposing private records

Obamacare's website, Healthcare.gov, has caught a nasty security bug, but it doesn't seem to be seeking treatment.

I. Obamacare Portal is Dangerous to Americans

After a disastrous Oct. 1, 2013 launch and billions wasted/spent, the government's effort to fix its one-stop shop for health insurance focused on the portal's service glitches, which led to timeouts and lost user form information.  The effort drew fire when it was revealed that project managers tried to raise concerns about the site's issues as far back as July 2013, but were largely ignored and told to proceed like it was business as usual.

But for a website that is entrusted with a massive amount of sensitive personal information and records, another problem was festering beneath the surface.

It turns out that as poorly designed as Healthcare.gov's front-end is, its backend may be even more of a mess, with security experts identifying multiple security flaws.  Some experts argued that the flaws were serious enough to necessitate a shutdown of the site.  Of course, President Barack Hussein Obama (D) refused to do that, insisting the dangers would be fixed quickly.


One of the experts to testify before Congress in November about the security concerns, TrustedSec founder David Kennedy, has returned this week with some disturbing news, though, saying one of the worst security holes remains gaping open two months later.

By doing advanced searches using Google Inc.'s (GOOG) search engine and then minimally modifying the resulting URLs, he believes that more than 70,000 records can be accessed.  He says his white hat code of ethics prevents him from actually fully testing the bug, but that he's certain his black hat colleagues would have no problem exploiting it.

Most embarrassingly, the bug is a simple one, he states, and could be cured in a matter of days if the Obama administration committed to treating it.

The fact that it remains unfixed two months after it was widely publicized is disturbing, he argues, as other bugs will be much harder to fix and remain unresolved as well.  Among those is a lack of security certifications, which allows malicious attack sites to impersonate the government website, preying on victims via phishing scams.

II. Silence From the Obama Administration on Why it Isn't Protecting Americans

The Centers for Medicare and Medicaid Services (CMS), the Health Department agency responsible for Healthcare.gov's development, has thus far refused to respond to the latest round of media inquiries regarding the website continuing to endanger Americans.

In December, after a special meeting with top tech leaders, the President announced he was tapping retired Microsoft Corp. (MSFT) Office President Kurt DelBene to lead repair efforts on the site.  But Mr. DelBene -- who carries impressive cloud credentials, having championed Microsoft's Office 365 development -- does not appear to have been able to fix the failing project thus far.


Regardless of how you feel about public healthcare in general, or the specific implementation that the President and his allies in Congress passed and signed into law, it's almost impossible to deny that the web face of the program has been an abysmal failure.  After billions spent on the site, SecurityHeaders -- a site that examines websites for known security flaws -- estimates that HealthCare.gov is more insecure than half the sites on the web.

The scan we ran on the site states:

Summary
Number of Happy Findings: 2
Number of Not As Happy Findings: 8
Percentage Happy Findings: 20%

What These Numbers Mean
We detected 2 Happy Findings on www.healthcare.gov. According to the data we have gathered www.healthcare.gov scores worse than approximately 50% of sites out there. The good news is that adding many of our HTTP header recommendations for security take very little time to implement and have a big impact!

(For reference's sake, while we don't have billions, DailyTech was found to be more secure, better than roughly 74 percent of sites.)
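
The kind of header audit such a scan performs can be sketched as follows. This is an added example, not part of the original article or the SecurityHeaders tool; the checklist, the thresholds, the function names and the sample headers are all assumptions constructed for illustration.

```python
# Added example: checklist and thresholds are assumptions, not the scanner's own.
def _hsts_ok(v):
    for part in v.lower().split(";"):
        name, _, val = part.strip().partition("=")
        if name == "max-age" and val.strip('"').isdigit():
            return int(val.strip('"')) >= 15552000  # 180 days, assumed threshold
    return False

def _cookie_ok(v):
    attrs = {a.strip().lower().split("=")[0] for a in v.split(";")[1:]}
    return {"secure", "httponly"} <= attrs

# Header name -> validator for its value (a missing header fails the check).
CHECKS = {
    "strict-transport-security": _hsts_ok,
    "content-security-policy": lambda v: bool(v.strip()),
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
}
DISCLOSURE = ("server", "x-powered-by")  # version banners count against the site

def audit(raw_headers):
    """raw_headers: (name, value) pairs. Returns (happy, unhappy, percent_happy)."""
    headers = {}
    for name, value in raw_headers:
        headers.setdefault(name.lower(), []).append(value)
    happy, unhappy = [], []
    for name, check in CHECKS.items():
        values = headers.get(name, [])
        ok = bool(values) and all(check(v) for v in values)
        (happy if ok else unhappy).append(name)
    for name in DISCLOSURE:
        leaks = any(ch.isdigit() for v in headers.get(name, []) for ch in v)
        (unhappy if leaks else happy).append(name)
    cookies = headers.get("set-cookie", [])
    if cookies:  # only scored when the response sets a cookie
        (happy if all(_cookie_ok(c) for c in cookies) else unhappy).append("set-cookie")
    return happy, unhappy, round(100 * len(happy) / (len(happy) + len(unhappy)))

# Constructed sample response headers (not captured from any real site).
SAMPLE = [
    ("Server", "Apache/2.2.15"),
    ("X-Frame-Options", "SAMEORIGIN"),
    ("X-Content-Type-Options", "nosniff"),
    ("Strict-Transport-Security", "max-age=3600"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the constructed sample, a short HSTS lifetime, a missing Content-Security-Policy, a versioned Server banner and a cookie without the Secure attribute are each reported as "not as happy" findings.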

In a blog post, Mr. Kennedy concludes that if you choose to take part in Obamacare via the mandatory website, you're doing so at your own risk.  He concludes:

Everything that we've seen from the website is a symptomatic problem of a much larger issue of how they code the website so I'd be very concerned with using it.

Perhaps the federal healthcare site remains unfixed because keeping Americans secure simply isn't as high a priority to the President as spying on them.  In recent months the President has largely been focused on defending the U.S. National Security Agency (NSA), which uses general warrants to seize the internet records and telephone records of nearly every single American.

III. No Energy for HealthCare.gov

Defending policies which treat law abiding Americans as criminals has been an understandably exhausting effort for the head of the U.S.

British monarch King George III once remarked, "A traitor is everyone who does not agree with me."

Likewise, the President has been compelled to push charges for those who disagree with his spying programs, an effort to extinguish the flame of truth that has consumed much of his focus.  But the administration is determined that taxpayers must not be allowed to learn what their money is being spent on.

To that end it is looking to make an example of leakers so as to warn government employees that if they choose to violate secrecy mandates in order to protect the Constitution they will face treason and/or espionage charges.  Revealing details of the classified domestic surveillance programs is a crime under U.S. law, and the swelling nationalist regime isn't afraid to borrow a page from King George's playbook and crack down on its unruly subjects.

The Obama administration is returning America to its imperialist English roots with its "total war" on terrorism and general warrants.  The effort has drained the President and his staff of the energy to fix their broken healthcare site.  [Image Source: Freaking News]

Such ongoing efforts to continue its assault on taxpayers' civil liberties appear to have sapped not only taxpayer dollars, but have also drained what little effort the administration might have otherwise invested in fixing its broken healthcare portal.

But the President has stood firm in the face of criticism, looking to employ his crafty oratory gifts to win back the hearts of beleaguered Americans.  Most recently in a speech he attempted to make it sound like he was making some sort of a change to the surveillance state, but upon closer inspection his words actually revealed his decision to continue to back those policies.

As a result of the President's priorities, America's fledgling public healthcare effort remains a laughingstock of other nations, while American companies are viewed as a possible security risk due to America's growing police state that spies on citizens and allies alike.

Source: TrustedSec




