- Vibe TV puts a premium price tag on piracy 5 Years Ago
- Twitter unites in collective confusion over ‘Democrats for Trump’ trending Saturday 2:28 PM
- YouTube star tweets and deletes video of his Black cousin ‘Peanut’ acting as a stool Saturday 1:04 PM
- The ‘Do you wash your legs in the shower’ debate has now escalated to feet Saturday 12:20 PM
- Donald Trump posted a world-class golf score, and the internet laughs at him Saturday 10:46 AM
- Lili Reinhart dragged the ‘Game of Thrones’ petition, sparking debate about TV and ‘fan service’ Saturday 9:42 AM
- How to stream UFC Fight Night 152 for free Saturday 8:00 AM
- People keep calling the ‘Game of Thrones’ creators by their initials—and it’s confusing D&D players Saturday 8:00 AM
- After infidelity and abuse accusations, ProJared said his wife wanted an open marriage Saturday 7:40 AM
- ‘Jailbirds’ prioritizes petty drama over insight Saturday 7:30 AM
- How to stream Deontay Wilder vs. Dominic Breazeale for free Saturday 7:00 AM
- How to live stream Josh Taylor vs. Ivan Baranchyk on DAZN Saturday 6:00 AM
- Kim Kardashian West reveals her and Kanye’s 4th child is named Psalm Friday 6:38 PM
- Tan France and Alexa Chung are hosting Netflix’s first fashion show Friday 5:42 PM
- Nonprofit groups express concern with pop-up abortion networks Friday 5:06 PM
The downtime was just the tip of the iceberg.
Despite highly touted improvements to Healthcare.gov’s functionality, the site many Americans are using to sign up health coverage under the Affordable Care Act still has crucial cybersecurity weaknesses, experts testified on Capitol Hill Thursday.
Witnesses said that nothing has changed since security failings were first brought to light shortly after the website’s glitch-plagued launch back in October.
“Healthcare.gov is not secure today,” said David Kennedy, head of the computer security firm TrustedSec LLC, one of a several security experts to testify before the House Science, Space and Technology Committee on Thursday.
According to statements made by Kennedy to Reuters, more than 20 security flaws, vulnerable to infiltration by hackers, have not been fixed. This despite the fact that a similar assessment was delivered at a hearing of the same committee two months ago. At that time, three out of four expert witnesses, including Kennedy, advised completely shutting down the federal health insurance exchange to address weak links in the site’s security.
Kennedy repeated his message Thursday, saying there is no doubt that security problems exist. The focus of government officials, he said, should be on how to fix them. Before the hearing, he told reporters that the site was susceptible to attacks that would allow hackers to steal personal information, modify data, or attack users’ personal computers. They could also break into and disrupt the infrastructure of Healthcare.gov itself.
But Democratic representatives disagreed with Kennedy’s assessment and accused GOP committee leaders of stacking the deck when it came to selecting witnesses. Rep. Eddie Johnson (D-Texas.), the committee’s ranking Democrat, said Republicans are using the committee’s investigative powers to keep the public’s attention on Healthcare.gov’s technical flaws as a way of undermining the Affordable Care Act.
“The majority has allowed the committee to become a tool of political messaging,” Johnson said.
But Kennedy denied that politics played a role in his testimony. Other independent experts who have reviewed his research agree with Kennedy’s conclusions about the vulnerable state of the exchange.
“The site is fundamentally flawed in ways that make it dangerous to people who use it,” Kevin Johnson, one of the experts who reviewed Kennedy’s findings, told Reuters.
One of the more significant vulnerabilities uncovered by Kennedy and first reported to the federal government in October, exposes users’ information, including full names and email addresses. A short computer program Kennedy claims to have written in five minutes was able to automatically collect some 70,000 records in roughly four minutes. Kennedy didn’t even have to hack the site to obtain this data. The information was available via the Internet.
Other witnesses who appeared before the committee tried to downplay the threat. Waylon Krush, the CEO of a firm that has done security work for the Department of Health and Human Services, said most hackers would choose to focus on more lucrative targets like the recently hacked Target and Neiman Marcus. Kennedy and others refuted this claim, saying plenty of valuable information is still available through government websites.
Healthcare.gov is the centerpiece of President Barack Obama‘s biggest legislative triumph to-date, the Affordable Care Act. The site is a federally administered marketplace for citizens in 36 states to buy private insurance plans. But since debuting in October, it has been plagued with technical errors. In addition to security concerns, many users faced crashes and timeouts when they first tried to access the site.
The user experience was drastically improved by December, leading to an enrollment surge that saw up to 2.1 million citizens purchase health insurance through the site. However, that number remains far below initial administration projections. There are also ongoing reports of backend errors resulting in insurers not receiving accurate information about their new clients.
The Obama administration recently announced that the primary contractor behind Healthcare.gov would be dismissed from the project. The firm, CGI Federal, is also facing backlash from several states who say the company has bungled their own state-run health insurance exchanges. The Department of Health and Human Services recently hired veteran Microsoft Executive Ken DelBene to oversee continued repairs to the site.
Photo by Edith Soto/Flickr
Tim Sampson is a reporter who focused on the technology, business, and politics beats. He's also an established comedy writer, with work on Comedy Central and in The Onion and ClickHole.