Cyber Security Experts: HealthCare.gov Isn't Secure, Government's Doing Nothing About It
January 16, 2014 1:38 PM
Over 20 vulnerabilities were reported shortly after HealthCare.gov launched, but the government has neglected to address them
HealthCare.gov was a mess the first couple of months after its October launch, and while many of
appear to be clearing up; experts say there are gaping holes in the website's security.
According to a report from
, cyber security experts have called the U.S. government out on its lack of effort to fix security problems with HealthCare.gov, which were pointed out shortly after the site's launch last year.
David Kennedy, head of computer security consulting firm TrustedSec LLC, is leading the crusade against the government in an effort to get these security holes patched. He said that he reported over 20 vulnerabilities shortly after HealthCare.gov launched on October 1, but the government has neglected to address them.
One of the first vulnerabilities Kennedy found was that hackers could easily obtain the full names and email addresses of Americans who signed up with HealthCare.gov. He said it took him five minutes to write a computer program that imported about 70,000 records in only four minutes.
Further, Kennedy discovered from a fellow security researcher that hackers could upload malicious code to HealthCare.gov, allowing them to take control of other HealthCare.gov users' computers to steal and/or modify data as well as attack other computers.
"These issues are alarming," said Kennedy.
[SOURCE: NBC News]
Kennedy and three other security experts first presented these security flaws at a November Science Committee hearing, where they suggested that the site be shut down immediately.
The Centers for Medicare & Medicaid Services, which oversees HealthCare.gov's operations, responded by saying no threats have been detected regarding the health insurance site.
"To date there have been no successful security attacks on HealthCare.gov and no person or group has maliciously accessed personally identifiable information from the site," said the federal agency. "Security testing is conducted on an ongoing basis using industry best practices to appropriately safeguard consumers' personal information."
For weeks after HealthCare.gov's initial launch, the site experienced slow speeds and loading messages preventing users from shopping the health insurance marketplace.
Back in November, Republican investigators with the House of Representatives Energy and Commerce Committee launched an investigation of the HealthCare.gov's troubles, and found emails from the project manager back in July 2013 that warned of potential issues that could arise. HealthCare.gov project manager Henry Chao sent an email out about the site's main contractor, CGI Federal, on July 16 saying that he "needs to feel more confident they are not going to crash the plane at take-off."
Staff shortages, problems with contractors and software issues were among the issues discussed prior to HealthCare.gov's launch.
More recently, HealthCare.gov's first contractor, CGI Federal -- which launched the site back in October -- was
booted in favor of Accenture
. CGI Federal's government contract for HealthCare.gov will expire February 28, 2014, and the contractor said it would not be renewed (more than likely because of all the website's problems).
Accenture's new one-year contract is worth $45 million USD for the project's initial phase, with a total value of $90 million by the time it expires.
"Game reviewers fought each other to write the most glowing coverage possible for the powerhouse Sony, MS systems. Reviewers flipped coins to see who would review the Nintendo Wii. The losers got stuck with the job." -- Andy Marken
Government Hires Contractor Accenture for HealthCare.gov, Kicks CGI Federal Out
January 13, 2014, 10:15 AM
HealthCare.gov Project Manager Sent Concerns About the Site Back in July
November 15, 2013, 11:40 AM
Netflix took a decision to invest in original content
January 19, 2017, 7:00 AM
Amazon Airborne Fulfillment Center – Your Merchandise Drop-Shipped from the Clouds
December 29, 2016, 5:00 AM
Amazon is experimenting with a new kind of grocery stores, Amazon Go
December 8, 2016, 5:00 AM
Google has developed Deep Learning Algorithm to detect Diabetic Eye Disease
December 4, 2016, 5:00 AM
Google plans ultra-fast wireless Internet for Research Triangle Park, N.C.
August 12, 2016, 6:30 AM
Twitter Senior VP: "Diversity is Important, But We Can’t Lower the Bar"
November 9, 2015, 9:59 AM
Most Popular Articles
Super Hi- Vision Will Amaze the World
January 16, 2017, 9:53 AM
Samsung Chromebook Plus – Coming in February 2017
January 17, 2017, 12:01 AM
Samsung 2017 Handset’s Updates
January 17, 2017, 12:01 AM
Comparison – Surface Pro VS Tbook X5 Pro
January 21, 2017, 7:00 AM
Comparison – iPad Mini Vs Huawei MediaPad M3
January 19, 2017, 2:08 AM
Latest Blog Posts
Some new News
Jan 23, 2017, 8:59 AM
What is new?
Jan 22, 2017, 7:00 AM
Nintendo signals end for Wii U
Jan 21, 2017, 7:00 AM
Jan 20, 2017, 7:00 AM
News of the World
Jan 19, 2017, 7:00 AM
News of the Day Wednesday 1/18/2017
Jan 18, 2017, 12:01 AM
Jan 17, 2017, 12:16 AM
News of the Day
Jan 16, 2017, 12:10 PM
News and Technology Advancement
Jan 16, 2017, 7:58 AM
Jan 15, 2017, 12:32 AM
Here is Some News
Jan 14, 2017, 12:39 AM
News: Improved and New products
Jan 13, 2017, 12:01 AM
News around the world
Jan 12, 2017, 12:01 AM
Rumors and Announcements
Jan 11, 2017, 12:01 AM
This year CES and ridiculous gadgets
Jan 10, 2017, 12:01 AM
Nokia Android phone spurns the west.
Jan 9, 2017, 12:08 AM
New at CES 2017 - Changhong 8K Super Slim TV 65ZHQ3R
Jan 8, 2017, 1:07 AM
Debuted at CES 2017 - Vuzix Blade 3000 Smart Sunglasses
Jan 8, 2017, 12:39 AM
Some news of Day
Jan 7, 2017, 12:01 AM
News 2017 CES
Jan 6, 2017, 12:01 AM
Here is the Latest News in Tech
Jan 5, 2017, 1:47 AM
More Blog Posts
Copyright 2017 DailyTech LLC. -
Terms, Conditions & Privacy Information