An easily exploitable security flaw in the Healthcare.gov code gives hackers access to Americans’ personal information.
When signing up for health care on the site, which was created under the Affordable Care Act, a user must input the wealth of personal information such as their name, email address, family members, and social security number. According to Mother Jones, a security flaw in the site makes all this data vulnerable to attack.
The attack, known as “clickjacking,” works as follows: A hacker inserts a frame on top of an input button that is either transparent or disguised to look like that button. Then, when the user clicks on the false button, it redirects their computer to a third party site which can collect the information they thought they were submitting to the U.S. government.
As Mother Jones pointed out, several risk assessment firms have already identified the security flaw and noted that it is a relatively easy coding problem to fix.
When the magazine asked the Department of Health and Human Services for comment, they apparently directed the publication to their decidedly underwhelming security statement: “If a security incident occurs, an Incident Response capability would be activated, which allows for the tracking, investigation, and reporting of incidents.”
Identity theft is a billion dollar industry. In 2012, more than 12 million Americans had their identities stolen (up a million from the year before). Considering the relative simplicity of an attack on Healthcare.gov, as well as the comprehensive personal information it requires, it is reasonable to assume the site will be a target for hackers.
The security flaw deals another unfortunate blow to the healthcare site, whose poor performance and sloppy program have been leveraged to make it a strawman for republicans looking to attack Obamacare. On Thursday, for example, U.S. Representative Darrell Issa (R-Calif.) posted on his website a series of cat images titled “8 Cats Who Called 1-800-ObamaCare but Still Couldn’t Get Healthcare,” that made fun of the slow performance of Healthcare.gov.
The site’s problems have been a constant frustration for the White House as the president’s staff tries to increase political support for Obamacare. “There’s no sugar-coating it. The website has been too slow [and] people have been getting stuck during the application process,” President Barack Obama said on Monday. “Nobody’s madder than me that the website isn’t working as well as it should, which means it’s going to get fixed.”
Illustration by Jason Reed
Pure, uncut internet. Straight to your inbox.