- Chelsea Handler tackles system racism in ‘Hello Privilege. It’s Me, Chelsea’ 6 Years Ago
- Gun control proposal: Trump, lawmakers considering background check-conducting app 6 Years Ago
- How to stream Browns vs. Jets on Monday Night Football Today 7:00 AM
- What are anons? Today 6:30 AM
- How to stream Eagles vs. Falcons on Sunday Night Football Today 6:00 AM
- How to stream ‘Power’ season 6, episode 4 Today 5:00 AM
- How to stream WWE’s Clash of Champions 2019 Saturday 8:00 PM
- How ‘F*ck off Scotland’ became a Scottish rallying cry amid Brexit madness Saturday 6:28 PM
- A Missouri officer resigned after his Islamophobic Facebook posts surfaced Saturday 5:08 PM
- Adding ‘Triggered’ to stock photos of white men creates Netflix comedy special thumbnails Saturday 3:10 PM
- New restaurant in New York has a seriously unfortunate name: ‘Qanoon’ Saturday 1:38 PM
- These are the 10 best ‘Star Wars’ ships Saturday 12:41 PM
- Google Maps helped solve a decades-old missing persons case Saturday 12:27 PM
- Teen who plotted deadly swatting prank over Call of Duty argument gets prison time Saturday 11:58 AM
- RIP to the real star of ‘Stranger Things’: Steve Harrington’s mullet Saturday 11:04 AM
Healthcare.gov still dangerously easy to hack, experts testify
The downtime was just the tip of the iceberg.
Despite highly touted improvements to Healthcare.gov’s functionality, the site many Americans are using to sign up health coverage under the Affordable Care Act still has crucial cybersecurity weaknesses, experts testified on Capitol Hill Thursday.
Witnesses said that nothing has changed since security failings were first brought to light shortly after the website’s glitch-plagued launch back in October.
“Healthcare.gov is not secure today,” said David Kennedy, head of the computer security firm TrustedSec LLC, one of a several security experts to testify before the House Science, Space and Technology Committee on Thursday.
According to statements made by Kennedy to Reuters, more than 20 security flaws, vulnerable to infiltration by hackers, have not been fixed. This despite the fact that a similar assessment was delivered at a hearing of the same committee two months ago. At that time, three out of four expert witnesses, including Kennedy, advised completely shutting down the federal health insurance exchange to address weak links in the site’s security.
Kennedy repeated his message Thursday, saying there is no doubt that security problems exist. The focus of government officials, he said, should be on how to fix them. Before the hearing, he told reporters that the site was susceptible to attacks that would allow hackers to steal personal information, modify data, or attack users’ personal computers. They could also break into and disrupt the infrastructure of Healthcare.gov itself.
But Democratic representatives disagreed with Kennedy’s assessment and accused GOP committee leaders of stacking the deck when it came to selecting witnesses. Rep. Eddie Johnson (D-Texas.), the committee’s ranking Democrat, said Republicans are using the committee’s investigative powers to keep the public’s attention on Healthcare.gov’s technical flaws as a way of undermining the Affordable Care Act.
“The majority has allowed the committee to become a tool of political messaging,” Johnson said.
But Kennedy denied that politics played a role in his testimony. Other independent experts who have reviewed his research agree with Kennedy’s conclusions about the vulnerable state of the exchange.
“The site is fundamentally flawed in ways that make it dangerous to people who use it,” Kevin Johnson, one of the experts who reviewed Kennedy’s findings, told Reuters.
One of the more significant vulnerabilities uncovered by Kennedy and first reported to the federal government in October, exposes users’ information, including full names and email addresses. A short computer program Kennedy claims to have written in five minutes was able to automatically collect some 70,000 records in roughly four minutes. Kennedy didn’t even have to hack the site to obtain this data. The information was available via the Internet.
Other witnesses who appeared before the committee tried to downplay the threat. Waylon Krush, the CEO of a firm that has done security work for the Department of Health and Human Services, said most hackers would choose to focus on more lucrative targets like the recently hacked Target and Neiman Marcus. Kennedy and others refuted this claim, saying plenty of valuable information is still available through government websites.
Healthcare.gov is the centerpiece of President Barack Obama‘s biggest legislative triumph to-date, the Affordable Care Act. The site is a federally administered marketplace for citizens in 36 states to buy private insurance plans. But since debuting in October, it has been plagued with technical errors. In addition to security concerns, many users faced crashes and timeouts when they first tried to access the site.
The user experience was drastically improved by December, leading to an enrollment surge that saw up to 2.1 million citizens purchase health insurance through the site. However, that number remains far below initial administration projections. There are also ongoing reports of backend errors resulting in insurers not receiving accurate information about their new clients.
The Obama administration recently announced that the primary contractor behind Healthcare.gov would be dismissed from the project. The firm, CGI Federal, is also facing backlash from several states who say the company has bungled their own state-run health insurance exchanges. The Department of Health and Human Services recently hired veteran Microsoft Executive Ken DelBene to oversee continued repairs to the site.
Photo by Edith Soto/Flickr
Tim Sampson is a reporter who focused on the technology, business, and politics beats. He's also an established comedy writer, with work on Comedy Central and in The Onion and ClickHole.