Healthcare.gov has security bugs, expert warns Congress

Paper applications are available in lieu of using the HealthCare.gov website at a health care enrolment fair. Credit: Reuters
Paper applications are available in lieu of using the HealthCare.gov website at a health care enrolment fair. Credit: Reuters

The website at the center of U.S. President Barack Obama’s healthcare overhaul has security flaws that put user data at “critical risk” despite recent government assurances it is safe to use, a respected security expert said on Tuesday.

“There are actual, live vulnerabilities on the site now,” David Kennedy, head of computer security consulting firm TrustedSec LLC, told Reuters before testifying at a congressional hearing on the topic “Is My Data on HealthCare.gov Secure?”

Kennedy, a former U.S. Marine Corps cyber-intelligence analyst, presented a 17-page report describing the problems to the House Science, Space and Technology Committee. It does not go into specifics in some areas, he said, because that could provide criminals with a blueprint for launching attacks.

The website is an online exchange that allows consumers to shop for insurance plans under Obama’s Affordable Care Act, which mandated that Americans have health insurance and created new marketplaces to buy and sell policies.

The site has been bedeviled by technical glitches since its launch on October 1, although Obama administration officials have said they are getting on top of the problems.

“There is a lot of stuff that we are not publicly disclosing because of the criticality of the findings,” Kennedy said. “We don’t want to hurt people.”

When asked to describe the severity of the threat that they posed to the public, he said it was a “critical risk.”

The HealthCare.gov site collects data including the names, birth dates, social security numbers, email addresses and healthcare information about its users that criminals could use to engage in a wide variety of scams.

“The Obama administration has a responsibility to ensure that the personal and financial data collected by the government is secure,” said Lamar Smith, the Texas Republican who is chairman of the House committee.

“Unfortunately, in their haste to launch the HealthCare.gov website, it appears the administration cut corners that leaves the site open to hackers and other online criminals.”

The Obama administration said on Tuesday the website was safe to use.

IDENTIFYING VULNERABILITIES

Kennedy was one of the first security experts to identify vulnerabilities that the site poses to the security of user data, describing them on his company’s blog shortly after its October 1 launch.

The site lets people know invalid user names when logging in, allowing attackers to identify user IDs for the site, according to the report prepared for Tuesday’s hearing. It also describes more technical bugs that could lead to attacks.

Kennedy said in making his assessment he had used tools that allowed him to remotely view the site’s software, code and architecture without needing credentials to log on to its server.

In October, a September 27 government memorandum surfaced in which two Department of Health and Human Services officials said the security of the site had not been properly tested before its launch, creating “a high risk.”

HHS spokeswoman Joanne Peters said then that steps had been taken to ease security concerns since the memo was written, and that consumer data was secure.

Peters reiterated those assurances on Tuesday.

“When consumers fill out their online Marketplace applications, they can trust that the information that they are providing is protected by stringent security standards,” she said.

“Security testing happens on an ongoing basis using industry best practices to appropriately safeguard consumers’ personal information,” she said.

The Department of Homeland Security said last week that authorities were investigating more than a dozen cybersecurity incidents targeting HealthCare.gov.

 



News
Entertainment
Sports
Lifestyle
Local

Brooklyn man charged in roommate's stabbing death

A Brooklyn man accused of violently stabbing his roommate to death on Monday is in police custody and faces murder charges.

International

Dinosaurs could have survived asteroid strike

It turns out there is a good and a bad time for the planet to be hit by a meteor, and dinosaurs were just unlucky.…

National

OkCupid admits to Facebook-style experimenting on customers

By Sarah McBrideSAN FRANCISCO (Reuters) - OkCupid, a top U.S. matchmaking website, intentionally mismatched users to test its technology, the IAC/InterActive Corp service said on…

Local

MTA fares still increasing 4 percent in newly…

The agency said the 4 percent increases, previously announced in December, will remain steady even as the MTA deals with increasing labor costs.

Movies

Interview: Brendan Gleeson on the way 'Calvary' depicts…

Brendan Gleeson talks about how his new film "Calvary" began over drinks and how his character here is the opposite of the lead in "The Guard."

Movies

'Get on Up' producer Mick Jagger on the…

Mick Jagger, a producer on the James Brown biopic "Get on Up," talks about the time had to tell the singer some bad news and his favorite JB record.

Television

'Glee' star Lea Michele to appear on 'Sons…

"Glee" star Lea Michele has been confirmed as a guest star in the final season of "Sons of Anarchy."

Television

TV watch list, Monday, July 28: 'The Bachelorette'…

See Andi Dorfman make her big choice on tonight's 'Bachelorette' finale.

MLB

Angelo Cataldi: Ryan Howard deserves better from Phillies

Just last week, Ryan Howard endured the embarrassment of a benching that was inevitable, and yet still shocking.

NFL

Larry Donnell has inside track in Giants tight…

Little-known Larry Donnell of Grambling State currently has the inside track, as the second-year player has received the bulk of the first-team reps.

NFL

Computer to Jets: Start Michael Vick over Geno…

Jets general manager John Idzik says the choice of who starts between second-year quarterback Geno Smith and veteran Michael Vick will be a “Jets decision.”

MLB

Yankees looking to trade for Josh Willingham: Report

CBS Sports’ Jon Heyman reported Sunday the Yankees are interested in Twins outfielder Josh Willingham.

Travel

Glasgow: Hey, hey, the gangs aren't here

This European city has done a good job getting rid of its more violent residents and revitalizing with artists.

Education

Babson College tops list of best colleges for…

Money magazine has just released its inaugural list of "The Best Colleges for Your Money" -- and the answers have surprised many. Babson College, which…

Education

NYC teens learn how to develop apps during…

Through a program sponsored by CampInteractive, the high schoolers designed their own community-focused apps.

Tech

The Ministry of Silly Walks app is both…

Monty Python have dug into their back catalogue for cash-ins once more, but with the Ministry of Silly Walks app, they've made something that's fun too.