Was New York's Obamacare rollout hit with a DDoS attack?
New York State’s health care exchange website, New York State of Health, was hit with unexpectedly high traffic on Tuesday, the first day health insurance markets were open under the Affordable Care Act.
The rush of visitors prevent many from registering for the Empire State’s new health insurance exchange. Around the country, the story was similar. But some have speculated that the problems with New York’s site weren’t just caused by thousands of eager health insurance consumers— rather, the site may have been hit by an intentional distributed denial of service (DDoS) attack launched by opponents of Obamacare.
"Since its launch, nystateofhealth.ny.gov has gotten approximately 10 million web visits, far more than was anticipated, causing login problems for users," Donna Frescatore, the program’s executive director, said in a statement. "In response to these issues, operators at the state's call center have assisted thousands of callers while our technicians have increased the site's capacity and are looking into the cause of this abnormally high traffic."
While New York is one of the most populous states in the U.S., the New York Post noted that there are only slightly over one million people in the state who lack health insurance—the group most likely to access the site to find the health insurance everyone in the nation will be required to carry when that particular provision of the Affordable Care act goes into effect next year.
Over the same period of time, Healthcare.gov, the health care exchange site operated by the federal government on behalf of the 36 states that declined to set up their own exchanges, only recorded 4.7 million hits. The website for the state of California’s exchange, likely to be the largest in the nation, received just 645,000.
Darien Kindlund, a manager at networking security firm FireEye, told the Post that a distributed denial of service attack could be the culprit. In such an attack, hackers take advantage of network of computer infected with viruses to send a torrent of traffic to a particular site in the hopes that it will crash under the server load or, at the very least, expereince a noticeable reduction in performance.
“The numbers are fairly compelling,” Kindlund said.
Even so, security specialists interviewed by the New York Times shrugged off suggestions of foul play, saying the high traffic to the New York site could have simply been the result of a successful advertising campaign and a wave of media coverage pointing millions of curious Americans of all stripes to visit the site, not just those lacking coverage.
Matthew Prince, founder of the San Francisco-based content delivery network Cloudflare, told the Times that, if they were really interested in making a good first impression, states like New York could have planned ahead for this early surge of interest in the exchanges.
“At the end of the day, you can solve these problems by throwing more money at them,” Prince explained. “In this case, they could have built an entire data center to accommodate first- and second-day traffic, but at some point, it would have sat empty.”
A banner still present on the New York State of Health website reads, “Due to overwhelming interest in the NY State of Health - including millions of visits during the first few days of site launch - the health exchange is currently having log in issues. We encourage users who are unable to log in to come back to the site later when these issues will be resolved.”