Healthcare.gov Exposed Confidential Information

Healthcare.gov Exposed Confidential Information

The security glitch in the original design of healthcare.gov has been fixed. At least that’s what a spokesman from Medicare and Medicaid said; however, after “eliminating this theoretical vulnerability,” crucial user information was exposed to anyone with basic web skills.

Healthcare.gov Exposed Confidential InformationThe site’s function that allows users to reset their password could be manipulated, allowing hackers to figure out if certain usernames were in use and what email address was associated with specific user names. This is extremely helpful for healthcare fraudsters to target unknowing people to gain fraudulent benefits.

According to an internal memo from the U.S. Center for Medicare and Medicaid Services, the security control assessment was only partly completed but assured that a “dedicated security team” would be assigned to monitor risks, conduct weekly scans and within 60 to 90 days after going live, “conduct a full-scale SCA test.” Thus, the memo did not detail any security concerns, and Marilyn Tavenner, director of the agency, thought the site was ready to go for its October 1st rollout date. In fact, healthcare.gov was tested with the results giving comfort in its performance.

Hackers have used password resets for some time now to gain access to confidential information…private information that purchasers of health insurance must provide…so this incident makes me wonder why the government wasn’t more careful when establishing this function on heathcare.gov.

Other security concerns have also been found on the site, including transmitting account information without encryption.

Sources:

http://www.theverge.com/2013/10/30/5046482/security-hole-in-healthcare-gov-exposed-user-email-addresses 

http://www.cnn.com/2013/10/30/politics/obamacare-website-warning-memo/index.html?hpt=hp_t1

http://swampland.time.com/2013/10/28/exclusive-password-reset-security-glitch-fixed-on-healthcare-gov/

About the Author

Ginger Hill is Group Social Media Manager.

Featured

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.