- Woman who live streamed a police officer’s shooting is receiving death threats 5 Years Ago
- Pre-Prime Day deals you don’t want to miss 5 Years Ago
- Dana Loesch out at NRATV; ‘thoughts and prayers’ for her career are in Today 12:33 PM
- Trump’s rant about Megan Rapinoe devolves into treatise about PC culture in the NBA Today 10:41 AM
- Is Millie Bobby Brown joining the MCU? Today 10:39 AM
- Hundreds of thousands demand that Etika’s previously deleted YouTube channel be restored Today 10:18 AM
- Eric Trump says cocktail waitress spit on him in Chicago bar Today 9:47 AM
- Maine governor signs net neutrality bill into law Today 9:07 AM
- How the QAnon movement continues without its messenger Today 8:26 AM
- 6 best Korean beauty products for summer Today 8:17 AM
- ‘The Office’ is leaving Netflix in 2021 Today 7:46 AM
- How to install the iOS 13 beta and test out its best new features Today 7:42 AM
- Swipe This! I want my boyfriend to text me everyday. Is that crazy? Today 7:30 AM
- Why every 2020 Democrat is canceled Today 7:01 AM
- The best LGBTQ movies and series on Amazon Prime Today 7:00 AM
The downtime was just the tip of the iceberg.
Despite highly touted improvements to Healthcare.gov’s functionality, the site many Americans are using to sign up health coverage under the Affordable Care Act still has crucial cybersecurity weaknesses, experts testified on Capitol Hill Thursday.
Witnesses said that nothing has changed since security failings were first brought to light shortly after the website’s glitch-plagued launch back in October.
“Healthcare.gov is not secure today,” said David Kennedy, head of the computer security firm TrustedSec LLC, one of a several security experts to testify before the House Science, Space and Technology Committee on Thursday.
According to statements made by Kennedy to Reuters, more than 20 security flaws, vulnerable to infiltration by hackers, have not been fixed. This despite the fact that a similar assessment was delivered at a hearing of the same committee two months ago. At that time, three out of four expert witnesses, including Kennedy, advised completely shutting down the federal health insurance exchange to address weak links in the site’s security.
Kennedy repeated his message Thursday, saying there is no doubt that security problems exist. The focus of government officials, he said, should be on how to fix them. Before the hearing, he told reporters that the site was susceptible to attacks that would allow hackers to steal personal information, modify data, or attack users’ personal computers. They could also break into and disrupt the infrastructure of Healthcare.gov itself.
But Democratic representatives disagreed with Kennedy’s assessment and accused GOP committee leaders of stacking the deck when it came to selecting witnesses. Rep. Eddie Johnson (D-Texas.), the committee’s ranking Democrat, said Republicans are using the committee’s investigative powers to keep the public’s attention on Healthcare.gov’s technical flaws as a way of undermining the Affordable Care Act.
“The majority has allowed the committee to become a tool of political messaging,” Johnson said.
But Kennedy denied that politics played a role in his testimony. Other independent experts who have reviewed his research agree with Kennedy’s conclusions about the vulnerable state of the exchange.
“The site is fundamentally flawed in ways that make it dangerous to people who use it,” Kevin Johnson, one of the experts who reviewed Kennedy’s findings, told Reuters.
One of the more significant vulnerabilities uncovered by Kennedy and first reported to the federal government in October, exposes users’ information, including full names and email addresses. A short computer program Kennedy claims to have written in five minutes was able to automatically collect some 70,000 records in roughly four minutes. Kennedy didn’t even have to hack the site to obtain this data. The information was available via the Internet.
Other witnesses who appeared before the committee tried to downplay the threat. Waylon Krush, the CEO of a firm that has done security work for the Department of Health and Human Services, said most hackers would choose to focus on more lucrative targets like the recently hacked Target and Neiman Marcus. Kennedy and others refuted this claim, saying plenty of valuable information is still available through government websites.
Healthcare.gov is the centerpiece of President Barack Obama‘s biggest legislative triumph to-date, the Affordable Care Act. The site is a federally administered marketplace for citizens in 36 states to buy private insurance plans. But since debuting in October, it has been plagued with technical errors. In addition to security concerns, many users faced crashes and timeouts when they first tried to access the site.
The user experience was drastically improved by December, leading to an enrollment surge that saw up to 2.1 million citizens purchase health insurance through the site. However, that number remains far below initial administration projections. There are also ongoing reports of backend errors resulting in insurers not receiving accurate information about their new clients.
The Obama administration recently announced that the primary contractor behind Healthcare.gov would be dismissed from the project. The firm, CGI Federal, is also facing backlash from several states who say the company has bungled their own state-run health insurance exchanges. The Department of Health and Human Services recently hired veteran Microsoft Executive Ken DelBene to oversee continued repairs to the site.
Photo by Edith Soto/Flickr
Tim Sampson is a reporter who focused on the technology, business, and politics beats. He's also an established comedy writer, with work on Comedy Central and in The Onion and ClickHole.