Healthcare.gov has security bugs, expert warns Congress

Paper applications are available in lieu of using the HealthCare.gov website at a health care enrolment fair. Credit: Reuters
Paper applications are available in lieu of using the HealthCare.gov website at a health care enrolment fair. Credit: Reuters

The website at the center of U.S. President Barack Obama’s healthcare overhaul has security flaws that put user data at “critical risk” despite recent government assurances it is safe to use, a respected security expert said on Tuesday.

“There are actual, live vulnerabilities on the site now,” David Kennedy, head of computer security consulting firm TrustedSec LLC, told Reuters before testifying at a congressional hearing on the topic “Is My Data on HealthCare.gov Secure?”

Kennedy, a former U.S. Marine Corps cyber-intelligence analyst, presented a 17-page report describing the problems to the House Science, Space and Technology Committee. It does not go into specifics in some areas, he said, because that could provide criminals with a blueprint for launching attacks.

The website is an online exchange that allows consumers to shop for insurance plans under Obama’s Affordable Care Act, which mandated that Americans have health insurance and created new marketplaces to buy and sell policies.

The site has been bedeviled by technical glitches since its launch on October 1, although Obama administration officials have said they are getting on top of the problems.

“There is a lot of stuff that we are not publicly disclosing because of the criticality of the findings,” Kennedy said. “We don’t want to hurt people.”

When asked to describe the severity of the threat that they posed to the public, he said it was a “critical risk.”

The HealthCare.gov site collects data including the names, birth dates, social security numbers, email addresses and healthcare information about its users that criminals could use to engage in a wide variety of scams.

“The Obama administration has a responsibility to ensure that the personal and financial data collected by the government is secure,” said Lamar Smith, the Texas Republican who is chairman of the House committee.

“Unfortunately, in their haste to launch the HealthCare.gov website, it appears the administration cut corners that leaves the site open to hackers and other online criminals.”

The Obama administration said on Tuesday the website was safe to use.

IDENTIFYING VULNERABILITIES

Kennedy was one of the first security experts to identify vulnerabilities that the site poses to the security of user data, describing them on his company’s blog shortly after its October 1 launch.

The site lets people know invalid user names when logging in, allowing attackers to identify user IDs for the site, according to the report prepared for Tuesday’s hearing. It also describes more technical bugs that could lead to attacks.

Kennedy said in making his assessment he had used tools that allowed him to remotely view the site’s software, code and architecture without needing credentials to log on to its server.

In October, a September 27 government memorandum surfaced in which two Department of Health and Human Services officials said the security of the site had not been properly tested before its launch, creating “a high risk.”

HHS spokeswoman Joanne Peters said then that steps had been taken to ease security concerns since the memo was written, and that consumer data was secure.

Peters reiterated those assurances on Tuesday.

“When consumers fill out their online Marketplace applications, they can trust that the information that they are providing is protected by stringent security standards,” she said.

“Security testing happens on an ongoing basis using industry best practices to appropriately safeguard consumers’ personal information,” she said.

The Department of Homeland Security said last week that authorities were investigating more than a dozen cybersecurity incidents targeting HealthCare.gov.

 



News
Entertainment
Sports
Lifestyle
National

Humans should thank ancient Scottish fish fossils for…

By Kate KellandLONDON (Reuters) - Scientists studying fossils have discovered that the intimate act of sexual intercourse used by humans was pioneered by ancient armored…

National

Comet makes rare close pass by Mars as…

By Irene KlotzNEW YORK (Reuters) - A comet from the outer reaches of the solar system on Sunday made a rare, close pass by Mars…

Local

NYPD: Man found hanging in Brooklyn subway station

A man was found hanging inside a Brooklyn subway station on Saturday morning, police said. The man, who still had not been identified on Sunday,…

Local

Only church destroyed in 9/11 set to rebuild

St. Nicholas Greek Orthodox Church, the only house of worship destroyed during the terrorist attacks on 9/11, held a groundbreaking ceremony Saturday to start the…

Television

9 things we learned about 'Hannibal' Season 3…

There’s plenty of fall television to be excited about, but the crowd inside the Paley Center for Media on Saturday night only wanted one thing:…

Going Out

Watch home cooks try to impress Tom Colicchio…

Is what you’re making for dinner tonight good enough to serve “Top Chef” judge Tom Colicchio? That’s the standard that some of the city’s best…

Television

‘Homeland’ recap: Season 4, Episode 4 ‘Iron in…

Carrie Mathison, what are you doing?! Don’t seduce virgins! More on that later: Lots of crazy stuff went down on the "Iron in the Fire" ep of "Homeland"!

Movies

Box office: Brad Pitt kills Nazis, also Nicholas…

This weekend, Brad Pitt's second WWII movie, "Fury," rolled into the lead, while the latest Nicholas Sparks movie, "The Best of Me," got little love.

College

College football AP Top 25 rankings: Mississippi State…

College football AP Top 25 rankings: Mississippi State holds off FSU

NHL

NHL Power Rankings: Sharks, Canadiens, Blackhawks out in…

NHL Power Rankings: Sharks, Canadiens, Blackhawks out in front

NFL

DeMarco Murray carries Cowboys to win over Giants

The Giants knew they would need to stop DeMarco Murray if they were going to leave Dallas with a win. It didn't matter.

NFL

Jets trade for wide receiver Percy Harvin: Report

According to Fox Sports' Jay Glazer, the Jets have sent a conditional draft pick to the Seahawks for wide receiver Percy Harvin.

Wellbeing

Gabby Bernstein: The 3 questions I always get

For the last decade, I’ve been writing self-help books and preaching the Gospel of Gabby to audiences throughout the world. And no matter what country…

Wellbeing

Health News: 5K for lung cancer, free yoga,…

Get some fresh air to benefit lung cancer research On Friday, the first-ever Brooklyn Free to Breathe Run/Walk will take place Oct. 26 at Cadman Plaza…

Education

Can these two college students come up with…

Two Atlanta college students say they have an idea for a simple test that would quickly diagnosis the Ebola virus - and it all started…

Education

Chances are, the average college student isn't taking…

As a bachelor’s degree becomes more expensive than ever, one new report is criticizing colleges for the content of those pricey educations. The American Council…