Healthcare.gov has security bugs, expert warns Congress

Paper applications are available in lieu of using the HealthCare.gov website at a health care enrolment fair. Credit: Reuters
Paper applications are available in lieu of using the HealthCare.gov website at a health care enrolment fair. Credit: Reuters

The website at the center of U.S. President Barack Obama’s healthcare overhaul has security flaws that put user data at “critical risk” despite recent government assurances it is safe to use, a respected security expert said on Tuesday.

“There are actual, live vulnerabilities on the site now,” David Kennedy, head of computer security consulting firm TrustedSec LLC, told Reuters before testifying at a congressional hearing on the topic “Is My Data on HealthCare.gov Secure?”

Kennedy, a former U.S. Marine Corps cyber-intelligence analyst, presented a 17-page report describing the problems to the House Science, Space and Technology Committee. It does not go into specifics in some areas, he said, because that could provide criminals with a blueprint for launching attacks.

The website is an online exchange that allows consumers to shop for insurance plans under Obama’s Affordable Care Act, which mandated that Americans have health insurance and created new marketplaces to buy and sell policies.

The site has been bedeviled by technical glitches since its launch on October 1, although Obama administration officials have said they are getting on top of the problems.

“There is a lot of stuff that we are not publicly disclosing because of the criticality of the findings,” Kennedy said. “We don’t want to hurt people.”

When asked to describe the severity of the threat that they posed to the public, he said it was a “critical risk.”

The HealthCare.gov site collects data including the names, birth dates, social security numbers, email addresses and healthcare information about its users that criminals could use to engage in a wide variety of scams.

“The Obama administration has a responsibility to ensure that the personal and financial data collected by the government is secure,” said Lamar Smith, the Texas Republican who is chairman of the House committee.

“Unfortunately, in their haste to launch the HealthCare.gov website, it appears the administration cut corners that leaves the site open to hackers and other online criminals.”

The Obama administration said on Tuesday the website was safe to use.

IDENTIFYING VULNERABILITIES

Kennedy was one of the first security experts to identify vulnerabilities that the site poses to the security of user data, describing them on his company’s blog shortly after its October 1 launch.

The site lets people know invalid user names when logging in, allowing attackers to identify user IDs for the site, according to the report prepared for Tuesday’s hearing. It also describes more technical bugs that could lead to attacks.

Kennedy said in making his assessment he had used tools that allowed him to remotely view the site’s software, code and architecture without needing credentials to log on to its server.

In October, a September 27 government memorandum surfaced in which two Department of Health and Human Services officials said the security of the site had not been properly tested before its launch, creating “a high risk.”

HHS spokeswoman Joanne Peters said then that steps had been taken to ease security concerns since the memo was written, and that consumer data was secure.

Peters reiterated those assurances on Tuesday.

“When consumers fill out their online Marketplace applications, they can trust that the information that they are providing is protected by stringent security standards,” she said.

“Security testing happens on an ongoing basis using industry best practices to appropriately safeguard consumers’ personal information,” she said.

The Department of Homeland Security said last week that authorities were investigating more than a dozen cybersecurity incidents targeting HealthCare.gov.

 



News
Entertainment
Sports
Lifestyle
Local

Mayor announces public housing improvements

Mayor Bill de Blasio spoke at the Lincoln Houses in East Harlem on Wednesday, calling for the scaffolding to come down at NYCHA complexes across…

National

Peter Theo Curtis: American released by Syrian militants…

An American writer freed this week from two years in the captivity of insurgents in Syria spoke briefly outside his family's Cambridge home Wednesday of…

Local

Bratton defends 'broken windows' work as NYPD support…

Sixty percent of those polled said they support the "broken windows" theory approach popularized by Commissioner Bratton since his first term in the 1990s.

Local

Transit changes for Labor Day weekend

The MTA is adding additional service Friday for New Yorkers getting out of the city for the long weekend. On Friday, Aug. 29, 27 additional…

Television

'Full House' might be relaunched with some of…

A new "Full House" might be in the works.

Movies

Review: 'The Congress' is a crazy, unwieldy sci-fi…

Robin Wright is the center of gravity in "The Congress," which turns from a live-action Hollywood satire into an animated spectacular on a downer future.

Movies

Review: 'The Last of Robin Hood' is a…

Dakota Fanning plays Errol Flynn's (Kevin Kline) teenage gal pal in "The Last of Robin Hood," which takes a scandal and makes it dully empathetic.

Movies

Review: The uneven 'Life of Crime' mostly gets…

Elmore Leonard's "The Switch" becomes the new indie crime dramedy "Life of Crime," with Jennifer Aniston as a kidnapped woman whose husband won't pay up.

College

When are 2014 college football playoffs? (Schedule, date,…

When and where are 2014 college football playoffs? A look at the schedule, date, TV, time for the semi-finals at championship game.

NFL

Dimitri Patterson suspended only for rest of preseason…

Dimitri Patterson ended up getting just a slap on the wrist.

Sports

Eugenie Bouchard excited for 'rowdy' fans at US…

Eugenie Bouchard is sure to endear herself to New York's tennis faithful as she tries to win her first grand slam title across the next two weeks.

MLB

MLB Power Rankings: Angels and A's still at…

MLB Power Rankings: Angels and A's still at top, Nationals climb

Home

Labor Day essentials

Whether you’re soaking up the sun on the beach or barbecuing in the park here are some must-haves for your end-of-summer bash.

Education

Does the school day start too early?

As thousands of high schoolers get ready to head back to class, health experts say it may be time to push back the start of…

Style

Fall 2014 trend: lilac

Push those gray and black sweaters aside and make room for blush and lilac.

Career

Stop eating lunch at your desk

What are you doing for lunch today? If you are like most workers, you'll be eating at your desk - which isn't much of a…