Expert: Obamacare Site At Risk of Cyber Attacks

Security consultants will discuss their findings before a House committee Thursday.

  • Share
  • Read Later

A cyber security expert is expected to tell a House committee Thursday that the government’s healthcare.gov website is still dangerously vulnerable to cyber attacks from hackers, Reuters reports.

Hackers could take advantage of more than 20 vulnerabilities to steal personal information, damage the website or attack the personal computers of users on the site, David Kennedy, head of the computer security consulting firm TrustedSec LLC, told Reuters. He said the government had failed to fix issues he and others reported shortly after the site went live.

“These issues are alarming,” he told Reuters. Kennedy will join three other experts testifying before the House Science, Space and Technology Committee on Thursday.

But Teresa Fryer, chief information security officer at CMS, defended the site’s security Thursday, saying independent security contractors had found that the site met industry standards for cyber-security.

“The protections that we have put in place have successfully prevented attacks,” Fryer said in a separate House testimony Thursday. “While no serious security professional will ever guarantee that any system is hack-proof, I am confident, based on the recent security controls assessment and additional security protections, that the [site] is secure.”

Healthcare.gov is the portal through which Americans in 36 states can sign up for insurance plans under President Barack Obama’s Affordable Care Act. But the site suffered debilitating technical problems in the weeks after it launched Oct. 1. The Obama administration scrambled to repair the site, and it has reportedly worked more smoothly since December.

“To date there have been no successful security attacks on HealthCare.gov and no person or group has maliciously accessed personally identifiable information from the site,” the Centers for Medicare and Medicaid Services that oversees the site told Reuters in a statement.

[Reuters]

5 comments
jsfox
jsfox

Umm name a enterprise that isn't a risk for cyber attacks? 

Irony
Irony

@mantisdragon91While it's fairly obvious that Issa is doing this as a deliberate sabotage attempt. Any site which relies on people not knowing its code for security is not secure. It's the programming equivalent of hiding under the sheets so the monsters don't see you.

mantisdragon91
mantisdragon91

@Irony@mantisdragon91I actually don't think that the site relies on people not knowing the source code as its chief means of defense, however anytime you make the source code available on a public site it certainly makes the hackers jobs much easier.

Irony
Irony

@mantisdragon91@IronyNot necessarily. Yes the hackers can look through the source code for vulnerabilities, but so can everyone else. If code being public were a problem, then open source software would be less secure than private software, but normally the exact opposite is true.


To put it simply, if there code isn't secure enough, soon everyone will know it. Had there code not been exposed it could have remained insecure in secret.