Cyber Security Experts: HealthCare.gov Isn't Secure, Government's Doing Nothing About It
January 16, 2014 1:38 PM
comment(s) - last by
Over 20 vulnerabilities were reported shortly after HealthCare.gov launched, but the government has neglected to address them
HealthCare.gov was a mess the first couple of months after its October launch, and while many of
appear to be clearing up; experts say there are gaping holes in the website's security.
According to a report from
, cyber security experts have called the U.S. government out on its lack of effort to fix security problems with HealthCare.gov, which were pointed out shortly after the site's launch last year.
David Kennedy, head of computer security consulting firm TrustedSec LLC, is leading the crusade against the government in an effort to get these security holes patched. He said that he reported over 20 vulnerabilities shortly after HealthCare.gov launched on October 1, but the government has neglected to address them.
One of the first vulnerabilities Kennedy found was that hackers could easily obtain the full names and email addresses of Americans who signed up with HealthCare.gov. He said it took him five minutes to write a computer program that imported about 70,000 records in only four minutes.
Further, Kennedy discovered from a fellow security researcher that hackers could upload malicious code to HealthCare.gov, allowing them to take control of other HealthCare.gov users' computers to steal and/or modify data as well as attack other computers.
"These issues are alarming," said Kennedy.
[SOURCE: NBC News]
Kennedy and three other security experts first presented these security flaws at a November Science Committee hearing, where they suggested that the site be shut down immediately.
The Centers for Medicare & Medicaid Services, which oversees HealthCare.gov's operations, responded by saying no threats have been detected regarding the health insurance site.
"To date there have been no successful security attacks on HealthCare.gov and no person or group has maliciously accessed personally identifiable information from the site," said the federal agency. "Security testing is conducted on an ongoing basis using industry best practices to appropriately safeguard consumers' personal information."
For weeks after HealthCare.gov's initial launch, the site experienced slow speeds and loading messages preventing users from shopping the health insurance marketplace.
Back in November, Republican investigators with the House of Representatives Energy and Commerce Committee launched an investigation of the HealthCare.gov's troubles, and found emails from the project manager back in July 2013 that warned of potential issues that could arise. HealthCare.gov project manager Henry Chao sent an email out about the site's main contractor, CGI Federal, on July 16 saying that he "needs to feel more confident they are not going to crash the plane at take-off."
Staff shortages, problems with contractors and software issues were among the issues discussed prior to HealthCare.gov's launch.
More recently, HealthCare.gov's first contractor, CGI Federal -- which launched the site back in October -- was
booted in favor of Accenture
. CGI Federal's government contract for HealthCare.gov will expire February 28, 2014, and the contractor said it would not be renewed (more than likely because of all the website's problems).
Accenture's new one-year contract is worth $45 million USD for the project's initial phase, with a total value of $90 million by the time it expires.
This article is over a month old, voting and posting comments is disabled
RE: Corrupt Administration
1/16/2014 6:24:26 PM
Damn Argon, watch fox news much? They're pretty much the only ones keeping half that irrelevant crap you mentioned in the media. One of their trade tactics is if they repeat something enough, over and over, for years, it keeps it in the headlines, no matter how unimportant it is.
Keep focus of the real issues: healthcare (disaster) civil liberties (disaster) and spending (disaster)
Those are the legitimate concerns to attack this administration over, and boy are they legit. But fast and furious, benghazi? All that crap is going nowhere because they aren't serious enough issues. It'd be like attacking Chris Christi over not leaving a tip at Starbucks instead of this unbelievable bridge closing scandal.
Focus. Not Fox News. As far as I'm concerned, they're responsible for Obama getting re-elected in 2012 because they overloaded people with too much negative information that they practically forgot what they didn't like about Obama.
RE: Corrupt Administration
1/17/2014 6:15:21 AM
Illegally putting guns in the hands of drug cartels in an attempt to make legitimate gun dealers look like bad guys, then covering it up when American border patrol agents get killed with these same weapons is not a serious issue?
RE: Corrupt Administration
1/18/2014 1:40:56 PM
I think you might want to do some more research as FF was started under GB it just had a different name under his administration. But when you simply want to attack someone why let facts get in the way?
RE: Corrupt Administration
1/17/2014 10:54:29 AM
"But fast and furious, benghazi? All that crap is going nowhere because they aren't serious enough issues."
My purpose was to point out the lack of accountability, since this was one of BO's big campaign marketing points.
Sure those two incidents are water under the bridge, but the point is they were both large high-level failures of this administration where
American citizens died
as a result. That's pretty damn serious IMO.
Fast n Furious is relevant because of this administration's anti 2nd amendment views. Putting a huge weapons cache in drug cartel hands and then "oops, we lost track of it" is big.
Benghazi is relevant because it's the first American diplomat killed in over 3 decades. Not only that, but the series of lies and coverups by the then-Sec of State, Hillary Clinton, who is a possible 2016 POTUS candidate. If the mass media is skewering Chris Christie over some NJ tourism TV commercials, they damn well need to be skewering Hillary.
"It seems as though my state-funded math degree has failed me. Let the lashings commence." -- DailyTech Editor-in-Chief Kristopher Kubicki
Government Hires Contractor Accenture for HealthCare.gov, Kicks CGI Federal Out
January 13, 2014, 10:15 AM
HealthCare.gov Project Manager Sent Concerns About the Site Back in July
November 15, 2013, 11:40 AM
Netflix Announces 7-to-1 Stock Split, Eyes Explosive Overseas Growth
June 23, 2015, 8:18 PM
Sources: Hack on Fed. Database Lost 4.1M Social Security Numbers, Personal Info
June 11, 2015, 9:11 PM
The Big One: Chinese Hackers Steal Records of 4 Million U.S. Gov. Employees
June 4, 2015, 8:13 PM
Tutorial: Here's How to Force YouTube or Vimeo VIdeos to Embed as HTML5
June 3, 2015, 10:14 PM
Google Finally Fixes Maps Bug That Was Giving Racist, Profane Results
May 21, 2015, 1:43 PM
The Pirate Bay Loses Its Iconic Swedish Dot SE Domains
May 20, 2015, 6:31 PM
Most Popular Articles
Windows XP, Vista Users Can Get Free Windows 10 Upgrade Thanks to Loophole
June 23, 2015, 2:23 PM
Under the Hood: Digging Into Sony's New CUH-1200 PS4, 1 TB Ultimate Player Ed.
June 23, 2015, 10:33 AM
U.S. Navy Spends $9M USD to Cling to Windows XP, Office 2003
June 24, 2015, 2:03 PM
Xbox Outsold 108-to-1 By PS4 in Japan, Weekly Sales Fall to 100 Units
June 22, 2015, 1:54 PM
SanDisk's 200GB microSDXC Card Turns Smartphones Into Enviable PMPs
June 26, 2015, 2:02 PM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2015 DailyTech LLC. -
Terms, Conditions & Privacy Information