Healthcare.gov has security bugs, expert warns Congress

Paper applications are available in lieu of using the HealthCare.gov website at a health care enrolment fair. Credit: Reuters
Paper applications are available in lieu of using the HealthCare.gov website at a health care enrolment fair. Credit: Reuters

The website at the center of U.S. President Barack Obama’s healthcare overhaul has security flaws that put user data at “critical risk” despite recent government assurances it is safe to use, a respected security expert said on Tuesday.

“There are actual, live vulnerabilities on the site now,” David Kennedy, head of computer security consulting firm TrustedSec LLC, told Reuters before testifying at a congressional hearing on the topic “Is My Data on HealthCare.gov Secure?”

Kennedy, a former U.S. Marine Corps cyber-intelligence analyst, presented a 17-page report describing the problems to the House Science, Space and Technology Committee. It does not go into specifics in some areas, he said, because that could provide criminals with a blueprint for launching attacks.

The website is an online exchange that allows consumers to shop for insurance plans under Obama’s Affordable Care Act, which mandated that Americans have health insurance and created new marketplaces to buy and sell policies.

The site has been bedeviled by technical glitches since its launch on October 1, although Obama administration officials have said they are getting on top of the problems.

“There is a lot of stuff that we are not publicly disclosing because of the criticality of the findings,” Kennedy said. “We don’t want to hurt people.”

When asked to describe the severity of the threat that they posed to the public, he said it was a “critical risk.”

The HealthCare.gov site collects data including the names, birth dates, social security numbers, email addresses and healthcare information about its users that criminals could use to engage in a wide variety of scams.

“The Obama administration has a responsibility to ensure that the personal and financial data collected by the government is secure,” said Lamar Smith, the Texas Republican who is chairman of the House committee.

“Unfortunately, in their haste to launch the HealthCare.gov website, it appears the administration cut corners that leaves the site open to hackers and other online criminals.”

The Obama administration said on Tuesday the website was safe to use.

IDENTIFYING VULNERABILITIES

Kennedy was one of the first security experts to identify vulnerabilities that the site poses to the security of user data, describing them on his company’s blog shortly after its October 1 launch.

The site lets people know invalid user names when logging in, allowing attackers to identify user IDs for the site, according to the report prepared for Tuesday’s hearing. It also describes more technical bugs that could lead to attacks.

Kennedy said in making his assessment he had used tools that allowed him to remotely view the site’s software, code and architecture without needing credentials to log on to its server.

In October, a September 27 government memorandum surfaced in which two Department of Health and Human Services officials said the security of the site had not been properly tested before its launch, creating “a high risk.”

HHS spokeswoman Joanne Peters said then that steps had been taken to ease security concerns since the memo was written, and that consumer data was secure.

Peters reiterated those assurances on Tuesday.

“When consumers fill out their online Marketplace applications, they can trust that the information that they are providing is protected by stringent security standards,” she said.

“Security testing happens on an ongoing basis using industry best practices to appropriately safeguard consumers’ personal information,” she said.

The Department of Homeland Security said last week that authorities were investigating more than a dozen cybersecurity incidents targeting HealthCare.gov.

 


News
Entertainment
Sports
Lifestyle
International

Powerful 7.2 magnitude earthquake rattles Mexico

A powerful earthquake struck Mexico Friday, shaking buildings and sending people running into the street, although there were no reports of major damage.

News

OMG! Exercise can make skin (and butt) look…

A moderate exercise regime can turn back time and actually reverse the skin's aging process, according to new research. The study showed that a minimum…

Local

Oval oasis: Summer of fun kicks off this…

A bold partnership between the Fairmount Park Conservancy and the city's Parks and Recreation Department is kicking off this weekend with family activities re-activating this unused public space.

Local

African couple claiming misidentification in robbery case to…

At a bail hearing today for Vickson and Lorfu Korlewala, charged in the robbery of an 80-year-old woman, bail was reduced from $1 million total to $500,000.

The Word

Kate Middleton made fun of Prince William's bald…

Kate Middleton and Prince William are in Sydney, Australia, right now, and it sounds like that brash Aussie sense of humor might be rubbing off.

The Word

Is Tom Cruise dating Laura Prepon?

"Mission: Impossible" star Cruise is said to be dating Laura Prepon, star of "Orange is the New Black."

Television

'Scandal' recap: Season 3, Episode 18, 'The Price…

Sally is Jesus, Olivia caused global warming, and Mellie's still drunk. Let's recap the Scandal finale. A church full of Washington insiders is about to…

Movies

Review: 'Transcendence' is not stupid but sometimes lacks…

The cyberthriller "Transcendence" explores artificial intelligence, nanotechnology and other ethical quandaries, but has too much ambition, if anything.

MLB

Jimmy Rollins is key to Phillies success

When John Kruk was asked about what the Phillies need to contend for a playoff berth, the ESPN analyst said Jimmy Rollins needs to play like a MVP again.

MLB

Ben Revere lifts Phillies to avoid sweep

Ben Revere came through with a two-out RBI single against Atlanta’s tough lefthander Alex Wood.

NBA

Season wrap: 76ers make the grade

The 76ers opened the 2013-14 season with a victory over the Miami Heat. The Sixers closed the season with a win at Miami.

NBA

Fantasy basketball: Finding next year's NBA studs

Before we put the 2013-14 fantasy basketball season to bed, it’s worth thinking about next year’s breakouts while they’re fresh in our mind.

Style

Light-up nail art syncs with phone

This Japanese technology syncs light-up nail art with your phone.

Wellbeing

Why is dance cardio taking off in NYC?

Instructors at some of the city's hottest classes explain why.

Travel

Earth Day travel in the Florida Keys

See why this eco-friendly destination deserves your attention.

Tech

Sorry, Facebook — FarmVille goes mobile with 'Country…

Zynga has released a version of the hit "FarmVille" tailored for smartphones and tablets in the hope of reaping a bumper crop of players.