Home arrow Politics & Politicians arrow Federal Issues arrow More Obamacare Data Breaches Continue to Highlight Security Problems of Healthcare Exchanges
User Login





Lost Password?
No account yet? Register
Guard My Credit Menu
Home
- - - THE ISSUES - - -
Videos
Fraud and Scams
Credit Issues
Identity Theft
Privacy Issues
Our Children
Politics & Politicians
- - ACTION CENTER - -
Guard My Credit Links
Helpful Pamphlets
- - - - - - - - - - - - - - -
About ACCESS
Contact Us
About Our Site
Join the Fight
ACCESS is a non-profit, tax exempt consumer advocacy group.

Donations are tax deductable.

Guard My Credit Hits
11453519 Visitors
More Obamacare Data Breaches Continue to Highlight Security Problems of Healthcare Exchanges PDF Print E-mail

November 25, 2013 - The security hits keep on coming for both Heathcare.gov (the federal healthcare exchange) and the various state insurance exchanges that serve about 1/3 of the country. Within the past two weeks, there have been two reports of people logging onto the exchanges only to be given access to the personal information of someone else. And in congressional testimony last week, four data security experts told congress that the public shouldn't be using the federal exchange due to lax data security. 

Image

Yesterday, the Vermont Health Connect website (which is the healthcare exchange run by the State of Vermont) confirmed a data breach which may have been self-inflicted. The breach occurred when one consumer who registered on the sight received a copy of someone else's insurance application via email. The consumer that received the email was apparently upset about it and notified the original insurance applicant. That applicant then notified the state exchange.

In an eerily similar incident on the federal exchange, a South Carolina resident by the name of Thomas Dougall who registered on the exchange simply shop prices received notification from a consumer in North Carolina that his information had been breached. Apparently Dougall's information had been supplied to the man in North Carolina when he logged onto the federal exchange.

These are not the first data breaches to occur on the healthcare exchanges. As we have previously reported, the Minnesota healthcare exchange suffered a breach on its first full day of operation.

More importantly, the data breaches mentioned here may not be the most significant that have occurred already. Last week in congressional testimony, the department of Health and Human Services (HHS) revealed that the federal exchange had been targeted by hackers 16 times already. None of those attempts had been successful according to HHS.

But based on follow-up testimony from a group of computer experts, the HHS statement may have grossly understated the actual number of hacking attempts against the site. Moreover, one of the people testifying stated specifically that the site may have already been compromised.

David Kennedy, CEO of data security firm TrustedSEC, told members of congress that "… if I had to guess, based on what I can see … I would say the website is either hacked already or will be soon.” Kennedy was later interviewed by Fox News and said that based on his analysis of the site, there had already been "a large number of SQL injection attacks against the healthcare.gov website, which are indicative of 'a large amount' of hacking attempts."

Kennedy went on to say, "Based on the exposures that I identified, and many that I haven’t published due to the criticality of exposures – if a hacker wanted access to the site or sensitive information – they could get it." In describing the threat for fraud and ID theft, Kennedy stated that the site was one of the largest repositories of consumer data that his company had ever seen.

Kennedy was not alone in his assessment. He was joined in his testimony by four other security experts and none of them had anything positive to say about Healthcare.gov's data security. Three of the four called for the site to be taken off-line until the security issues are fixed. And all four of them stated that no Americans should be using the site at present.

Any consumer who registers on the healthcare exchange needs to be aware of the risk for fraud and identity theft. The risk is there for both the federal and the state exchanges. At the time the federal exchange was launched, the government had done almost no security testing on it. To date, they have still not run an end to end security test.

  byJim Malmberg

Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.

Follow me on Twitter:

 

TwitterCounter for @jmalmberg

 

Follow ACCESS
Comments
Search
Only registered users can write comments!

3.25 Copyright (C) 2007 Alain Georgette / Copyright (C) 2006 Frantisek Hliva. All rights reserved."

 
Guard My Credit Polls
#1 - Why did you visit our site today?
 
.•*´¯☼ ♥ ♥ Your Support of These Links Is GREATLY Appreciated ♥ ♥ ☼¯´*•.
Advertisement
 
Go to top of page
Home | Contact Us |About Us | Privacy Policy
eXTReMe Tracker
12/23/2024 08:38:33