Healthcare.gov has security bugs, expert warns Congress

Paper applications are available in lieu of using the HealthCare.gov website at a health care enrolment fair. Credit: Reuters
Paper applications are available in lieu of using the HealthCare.gov website at a health care enrolment fair. Credit: Reuters

The website at the center of U.S. President Barack Obama’s healthcare overhaul has security flaws that put user data at “critical risk” despite recent government assurances it is safe to use, a respected security expert said on Tuesday.

“There are actual, live vulnerabilities on the site now,” David Kennedy, head of computer security consulting firm TrustedSec LLC, told Reuters before testifying at a congressional hearing on the topic “Is My Data on HealthCare.gov Secure?”

Kennedy, a former U.S. Marine Corps cyber-intelligence analyst, presented a 17-page report describing the problems to the House Science, Space and Technology Committee. It does not go into specifics in some areas, he said, because that could provide criminals with a blueprint for launching attacks.

The website is an online exchange that allows consumers to shop for insurance plans under Obama’s Affordable Care Act, which mandated that Americans have health insurance and created new marketplaces to buy and sell policies.

The site has been bedeviled by technical glitches since its launch on October 1, although Obama administration officials have said they are getting on top of the problems.

“There is a lot of stuff that we are not publicly disclosing because of the criticality of the findings,” Kennedy said. “We don’t want to hurt people.”

When asked to describe the severity of the threat that they posed to the public, he said it was a “critical risk.”

The HealthCare.gov site collects data including the names, birth dates, social security numbers, email addresses and healthcare information about its users that criminals could use to engage in a wide variety of scams.

“The Obama administration has a responsibility to ensure that the personal and financial data collected by the government is secure,” said Lamar Smith, the Texas Republican who is chairman of the House committee.

“Unfortunately, in their haste to launch the HealthCare.gov website, it appears the administration cut corners that leaves the site open to hackers and other online criminals.”

The Obama administration said on Tuesday the website was safe to use.

IDENTIFYING VULNERABILITIES

Kennedy was one of the first security experts to identify vulnerabilities that the site poses to the security of user data, describing them on his company’s blog shortly after its October 1 launch.

The site lets people know invalid user names when logging in, allowing attackers to identify user IDs for the site, according to the report prepared for Tuesday’s hearing. It also describes more technical bugs that could lead to attacks.

Kennedy said in making his assessment he had used tools that allowed him to remotely view the site’s software, code and architecture without needing credentials to log on to its server.

In October, a September 27 government memorandum surfaced in which two Department of Health and Human Services officials said the security of the site had not been properly tested before its launch, creating “a high risk.”

HHS spokeswoman Joanne Peters said then that steps had been taken to ease security concerns since the memo was written, and that consumer data was secure.

Peters reiterated those assurances on Tuesday.

“When consumers fill out their online Marketplace applications, they can trust that the information that they are providing is protected by stringent security standards,” she said.

“Security testing happens on an ongoing basis using industry best practices to appropriately safeguard consumers’ personal information,” she said.

The Department of Homeland Security said last week that authorities were investigating more than a dozen cybersecurity incidents targeting HealthCare.gov.

 



News
Entertainment
Sports
Lifestyle
National

Woman dies when run over by bus at…

A woman at the Burning Man arts and culture festival in the Nevada desert died on Thursday when she was run over by a bus carrying participants.

National

Texas parents sue day care center for duct…

By Marice RichterDALLAS (Reuters) - A Texas couple has filed a lawsuit against the owners of a Fort Worth-area day care center seeking $1 million…

National

Santa Fe city council votes to decriminalize marijuana

By Joseph KolbALBUQUERQUE N.M. (Reuters) - Santa Fe on Wednesday became the latest U.S. city to decriminalize small amounts of marijuana, with lawmakers in the…

International

Egypt queries Mursi over documents "leaked" to Al…

CAIRO (Reuters) - Egypt is investigating jailed ex-president Mohamed Mursi in connection with documents that judicial investigators say were leaked to the Qatar-based Al Jazeera…

Going Out

'Friends' coffeehouse Central Perk coming to NYC —…

"Friends" is coming back for a one-off special: "The One with the Free Coffee." Warner Bros. is bringing a pop-up replica of Central Perk, the…

Movies

Interview: 'As Above, So Below' directors: 5 ways…

The fraternal directors of the found footage horror "As Above, So Below" dish on the best ways to frighten the bejesus out of audiences.

Movies

Criterion's new Jacques Demy box mixes the light…

Jacques Demy, the most effervescent of French New Wave filmmakers, gets a Criterion box all to himself, with classics like "The Umbrellas of Cherbourg."

Entertainment

Comedian Joan Rivers, 81, rushed to New York…

NEW YORK (Reuters) - Acerbic comedian and fashion critic Joan Rivers was rushed to Mount Sinai Hospital in New York on Thursday after she reportedly…

NFL

3 things we learned in the Giants preseason…

The final score didn’t matter — a 16-13 win by the Giants — but it would’ve been nice to finally see Big Blue’s new-look offense get on track.

NFL

NFL Power Rankings: Seahawks, Broncos, Patriots, 49ers start…

NFL Power Rankings: Seahawks, Broncos, Patriots start at top

U.S. Soccer

5 facts about new England captain Wayne Rooney

Manchester United striker Wayne Rooney was named as the new England captain by coach Roy Hodgson on Thursday.

NFL

Jets vs. Eagles: 3 things to watch

A win on Thursday night at the Eagles would give the Jets a 3-1 record and just their second winning preseason under head coach Rex Ryan.

Style

Trend: White hot on the 2014 Emmy's red…

White was one of the big trends on the Emmy's red carpet.

Food

Recipe: Samuel Adams beer-marinated grilled shrimp

Summer calls for two things: a cold beer and light food. Sam Adams' Latitude 48 IPA fairly bursts with citrus notes, making it an ideal marinade…

Wellbeing

4 healthy ingredient swaps to make your meals…

When it comes to eating well, everyone knows they could be doing better. But cooking in an apartment on a busy schedule is a recipe…

Wellbeing

Heart trumps brain when it comes to movies…

When you need a good cry, do you reach for the movie that’s “based on a true story”? Science says you’re giving your brain far…