Healthcare.gov Hacked? This could be the sites new issue.

healthcare.gov hackedOk, so viagra and cialis spammers have not hacked Healthcare.gov, but is the new governmental insurance exchange website secure?  (after all, if anyone could get in it would be these spammers, they are everywhere!) This is a site that transmits some of the most confidential and private information on individuals out there, and connects to other systems and platforms with equally sensitive personal information.  Healthcare.gov is being portrayed on some forums as a hackers dream, because of the level of sensitive information that it houses,  and the wide open cracks in system security that leave it susceptible to even novice hackers.

  •  First, middle, and last name….check,
  • social security number…..check,
  • social security numbers and names of your children….check,
  • income and tax information…..check,
  • business tax identification numbers…check,
  • birth date….check,
  • city your mother was born in….check.
  • recent and past addresses…check

Each and every key piece of information which could be used to steal someone’s identity can be found on the healthcare.gov site for those who have created an account.  We insist upon secure sites for banking, bill pay, and even ordering merchandise online…..shouldn’t we require the same of this site?

As a matter of fact, in our Linkedin Forum, Healthcare Insider, CEO of GlobalEos, Mike Faris recently asked “Has anyone checked on security from hackers on the exchanges? I am hearing the exchanges are a welcome invitation to hackers with very little security.”

What we have found is that indeed Mike is correct.  Security is a huge issue for the Healthcare.gov site.

As another member of our LinkedIn Group Healthcare Insider, Donna Cusano, a health tech expert with telecareaware stated “I’ve been covering this for Telehealth & Telecare Aware, and the best answer I can suss is that the exchanges are a hacker’s happy hunting ground and because of all the rotten code in the system (plus that most of the back end is either not built or jury-rigged) you can fully expect to have your private data breached. (Buy Lifelock before using) Re the state exchanges that are supposedly working, they feed into the Federal which isn’t. The impressive user stats that NY State trotted out for its website were 1) all Medicaid policies and 2) hacker attacks.”

While this conversation is certainly a microcosm of a larger dialogue which is taking place in relation to the security of the healthcare.gov website, more attention to this subject is sure to arise as users of the site increase.  As a matter of fact, just this morning it was reported by the International Business Times that Healthcare.gov was hit by a DoS tool called Destroy Obamacare which puts strain on the site through repeated contact requests.  In addition to this, on Monday the 9th the Department of Homeland Security reported that Healthcare.gov has been hit by as many as 16 high level cyber attacks.  

In fact, in recent congressional hearings those in charge of the site essentially conceded that they went live with the site due to impending deadlines, despite the fact that the site was riddled with erroneous code and susceptible to attack.  We anticipate that as the focus shifts from getting the site working, to people actually using the site, these reports will increase exponentially.  Each and every weak code in the site is a potential soft spot for hackers, and those in charge of the site will need to work diligently to close these gaps in security….though with the emphasis on correcting how the site actually works, getting the site secure could take some time.

If you plan on purchasing insurance through the exchange, here are some recommendations that could leave you less susceptible:

  • Take Donna Cusano’s advice and get LifeLock or some other equitable fraud protection prior to using the site
  • Consider filling out your application via phone vs. the online portal – until the portal has been secured
  • Monitor your personal information and credit reports after creating a healthcare.gov account to ensure that there is no suspicious activity going on – if you note something strange follow up immediately

Another great post which covers in detail the ways in which Healthcare.gov is susceptible to hackers can be found on the Huffington Post Tech Section.  While the administration continues to work on getting the site to function, and keep information secure, those who are using the site should proceed with appropriate caution.  Happy Healthcare Shopping!