One of the fears of the hasty cobbling together federal ObamaCare website last year was that security had taken a backseat to the October 1 launch deadline –placing the private information of Americans at risk.
Those fears have been confirmed as the Administration just admitted that healthcare.gov was hacked over the summer. The break-in which occurred in July was just discovered last week by federal health officials. Apparently, no personal data was taken nor do federal officials think the website was specifically targeted, but that's not much comfort.
For a system that collects the names, address, social security numbers, and other private information of Americans, there’s an expectation that security should be a top priority but apparently not for the federal government. Even after the technical glitches were fixed following the botched rollout, security was never bumped up the priority list. Tech experts commenting on this breach note that when the geek squad was brought in to fix healthcare.gov, they focused on functionality not security.
I feel for the over five million Americans who signed up for ObamaCare. If an unsophisticated attack with no intent to steal information went undetected for over a month, what will happen when expert hackers take a crack at it?
The government’s response to this breach? Don’t worry open enrollment on Nov. 15th won’t be delayed. And that’s a big part of the problem.
Although no personal, financial or health data were compromised in the attack, which may not even have been aimed specifically at HealthCare.gov, the hacker implanted a bug that appears to have gone undetected for six weeks. Republicans in Congress had long warned of security breaches of the site, as had cybersecurity experts familiar with its workings.
“Today’s news that HealthCare.gov was hacked should come as a surprise to no one,” said Sen. Orrin Hatch (R-Utah). “Despite numerous warnings from myself and other lawmakers that security breaches were possible, HealthCare.gov underwent virtually no independent security testing. … It’s yet another deeply disturbing failure of the president’s health law, and once again it is the American people who are bearing the brunt of the law’s failures.”
The hacker or hackers appears to have accessed a server and uploaded harmful software, which can be used to launch other attacks. A CMS spokesman said those attacks were not in fact carried out.
CMS said the hack would not affect the start of the second enrollment period, which begins Nov. 15.
The agency said it briefed key congressional staff about the intrusion, which occurred July 8 and was discovered Aug. 25 as “unusual server traffic” on a test server that supports HealthCare.gov. “Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted. We have taken measures to further strengthen security,” a CMS statement said.
The commonplace malware uploaded on the site’s test server was designed to use the computer to send fake traffic to other sites in what is called a denial of service attack, CMS said. Such attacks are designed to keep people from using websites and not to steal personal identifiers such as Social Security numbers.
Some technology experts say that the attack appears to be relatively unsophisticated, but that it nevertheless points to a worrisome hole in HealthCare.gov security that could be exploited by more expert hackers.
I’m not sure which is worse, that the website was hacked or that federal officials only discovered the attack from July only last week. What would have happened if private information had been stolen? A month is plenty of lead time to drain bank accountants, secure and max out credit cards or do other drastic things.
Access to all of that information in one place is a hacker’s dream and lack of security his greatest open window.
This is embarrassing for the Administration which has adamantly defended its website as secure. Even when members of Congress proposed legislation to tighten security, the White House fought back furiously because they claimed it would create costly paperwork and not do enough to improve security. Talk about hypocrisy. How many small businesses and large corporations are swimming in new regulatory paperwork thanks to ObamaCare?
ObamaCare is our generation’s example of failed government experimentation. The President and his cast of “experts” thought they could sit down in a room and draw up a blueprint for fixing the problems with healthcare in our country. They may have meant well but what they built is not well.
Not only was this a house built on sand, it was built with faulty tools, based on a bad blueprint, and using shoddy parts. It’s just a matter of time before it comes apart.