Cyber Security Experts: HealthCare.gov Isn't Secure, Government's Doing Nothing About It
January 16, 2014 1:38 PM
comment(s) - last by
Over 20 vulnerabilities were reported shortly after HealthCare.gov launched, but the government has neglected to address them
HealthCare.gov was a mess the first couple of months after its October launch, and while many of
appear to be clearing up; experts say there are gaping holes in the website's security.
According to a report from
, cyber security experts have called the U.S. government out on its lack of effort to fix security problems with HealthCare.gov, which were pointed out shortly after the site's launch last year.
David Kennedy, head of computer security consulting firm TrustedSec LLC, is leading the crusade against the government in an effort to get these security holes patched. He said that he reported over 20 vulnerabilities shortly after HealthCare.gov launched on October 1, but the government has neglected to address them.
One of the first vulnerabilities Kennedy found was that hackers could easily obtain the full names and email addresses of Americans who signed up with HealthCare.gov. He said it took him five minutes to write a computer program that imported about 70,000 records in only four minutes.
Further, Kennedy discovered from a fellow security researcher that hackers could upload malicious code to HealthCare.gov, allowing them to take control of other HealthCare.gov users' computers to steal and/or modify data as well as attack other computers.
"These issues are alarming," said Kennedy.
[SOURCE: NBC News]
Kennedy and three other security experts first presented these security flaws at a November Science Committee hearing, where they suggested that the site be shut down immediately.
The Centers for Medicare & Medicaid Services, which oversees HealthCare.gov's operations, responded by saying no threats have been detected regarding the health insurance site.
"To date there have been no successful security attacks on HealthCare.gov and no person or group has maliciously accessed personally identifiable information from the site," said the federal agency. "Security testing is conducted on an ongoing basis using industry best practices to appropriately safeguard consumers' personal information."
For weeks after HealthCare.gov's initial launch, the site experienced slow speeds and loading messages preventing users from shopping the health insurance marketplace.
Back in November, Republican investigators with the House of Representatives Energy and Commerce Committee launched an investigation of the HealthCare.gov's troubles, and found emails from the project manager back in July 2013 that warned of potential issues that could arise. HealthCare.gov project manager Henry Chao sent an email out about the site's main contractor, CGI Federal, on July 16 saying that he "needs to feel more confident they are not going to crash the plane at take-off."
Staff shortages, problems with contractors and software issues were among the issues discussed prior to HealthCare.gov's launch.
More recently, HealthCare.gov's first contractor, CGI Federal -- which launched the site back in October -- was
booted in favor of Accenture
. CGI Federal's government contract for HealthCare.gov will expire February 28, 2014, and the contractor said it would not be renewed (more than likely because of all the website's problems).
Accenture's new one-year contract is worth $45 million USD for the project's initial phase, with a total value of $90 million by the time it expires.
This article is over a month old, voting and posting comments is disabled
putting resources to good use
1/16/2014 3:48:29 PM
The government should assign some of the NSA ITs to help fix the security flaws in the HealthCare.gov. Since they're on ppl tax dollars, at least do something useful with them rather than just sitting and collecting meta data ;)
"Well, there may be a reason why they call them 'Mac' trucks! Windows machines will not be trucks." -- Microsoft CEO Steve Ballmer
Government Hires Contractor Accenture for HealthCare.gov, Kicks CGI Federal Out
January 13, 2014, 10:15 AM
HealthCare.gov Project Manager Sent Concerns About the Site Back in July
November 15, 2013, 11:40 AM
FCC Orders Advertisers to Cut Out That Racket, Turn Down Commercials
August 29, 2014, 12:49 PM
Dropbox Bows to Competitive Pressure, Provides 1TB of Storage for $10/Month
August 27, 2014, 11:17 AM
Amazon Acquires Twitch for $970 Million
August 25, 2014, 4:37 PM
Facebook Adds Satire Tags to Its Auto-Generated "Related News" Posts
August 18, 2014, 10:43 AM
Comcast, TWC Pull Dinner Gift for FCC Commissioner... Sort Of
August 15, 2014, 1:10 PM
Comcast Accused of Wooing FCC Commissioner w/ $110K Dinner
August 13, 2014, 8:20 PM
Most Popular Articles
Numerous Leaks Detail 4.7" iPhone 6 Processor, RAM, Cellular and NFC Capabilities
August 29, 2014, 10:37 PM
Windows 9: "Upgrade Now" Button Coming for Enterprise Updates, ARM Preview in H1 2015
August 26, 2014, 8:00 PM
L.A. Unified School District’s Apple iPad Contract Canceled Following Heavy Criticism
August 26, 2014, 12:37 PM
Apple Builds Not-So-Secret Secret 3-Story Tower for iPhone 6/iWatch Unveil
August 28, 2014, 3:41 PM
Netflix Accuses Comcast of Ripping Off Customers, Files to Block Merger
August 26, 2014, 5:49 PM
Latest Blog Posts
Space Terrorism is a Looming Threat For the United States
Apr 23, 2014, 7:47 PM
Facebook Aims to Provide Internet to "Every Person in the World" with Drones, Satellites
Apr 1, 2014, 10:20 AM
Retail Mobile Sites Experience Outages in Light of Simplexity's Bankruptcy
Mar 14, 2014, 8:48 AM
Tesla vs. BMW: Who Has the Safer EV?
Feb 1, 2014, 2:56 PM
Justice Leaks Details of Next HTC One Two Flagship Phone
Dec 5, 2013, 4:04 PM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information