Word comes today that HealthCare.gov has been hacked by a person or person’s unknown. Reports indicate that the initial breach occurred in early June but went undetected until recently when IT specialists scanning the logs manually noted the issue. According to government officials . . . there was no loss of sensitive data. In an NBC news report during the rollout, a spokesperson for the Department of Health and Human Services noted that “When consumers fill out their online Marketplace applications, they can trust that the information they’re providing is protected by stringent security standards and that the technology underlying the application process has been tested and is secure.”
Since its rollout the program has been beset with problems, and early on computer experts have sounded warning bells that the website was not secure enough considering the huge amount data that would be inputted and stored. Commenting on the security of the site, security expert Ed Skoudid said “Reviewing the security issues discovered in the healthcare.gov site, I can tell you: this is a breach waiting to happen…” Early this year the Washington Post noted that “The security of HealthCare.gov has been the object of an ongoing investigation by Rep. Darrell Issa (R-Calif.). The chairman of the House Oversight Committee has been pounding away at HealthCare.gov’s security flaws…”
Now it appears that site has been breached despite assurances that it was secure. HealthCare.gov is perhaps the highest profile website in the US and one could only assume that the most stringent of cyber security plans would have been put in place to protect it. However, hackers are clever people, and if they can’t assault a website directly they persist in their efforts until they find a chink in the site armor and then quickly exploit the discovered vulnerability. If we take the government’s assurance that no data was lost, we must also assume that no malicious software was introduced during the breach period to leverage discovered information into something bigger.