Healthcare.gov Exposed Confidential Information

Healthcare.gov Exposed Confidential Information

The security glitch in the original design of healthcare.gov has been fixed. At least that’s what a spokesman from Medicare and Medicaid said; however, after “eliminating this theoretical vulnerability,” crucial user information was exposed to anyone with basic web skills.

Healthcare.gov Exposed Confidential InformationThe site’s function that allows users to reset their password could be manipulated, allowing hackers to figure out if certain usernames were in use and what email address was associated with specific user names. This is extremely helpful for healthcare fraudsters to target unknowing people to gain fraudulent benefits.

According to an internal memo from the U.S. Center for Medicare and Medicaid Services, the security control assessment was only partly completed but assured that a “dedicated security team” would be assigned to monitor risks, conduct weekly scans and within 60 to 90 days after going live, “conduct a full-scale SCA test.” Thus, the memo did not detail any security concerns, and Marilyn Tavenner, director of the agency, thought the site was ready to go for its October 1st rollout date. In fact, healthcare.gov was tested with the results giving comfort in its performance.

Hackers have used password resets for some time now to gain access to confidential information…private information that purchasers of health insurance must provide…so this incident makes me wonder why the government wasn’t more careful when establishing this function on heathcare.gov.

Other security concerns have also been found on the site, including transmitting account information without encryption.

Sources:

http://www.theverge.com/2013/10/30/5046482/security-hole-in-healthcare-gov-exposed-user-email-addresses 

http://www.cnn.com/2013/10/30/politics/obamacare-website-warning-memo/index.html?hpt=hp_t1

http://swampland.time.com/2013/10/28/exclusive-password-reset-security-glitch-fixed-on-healthcare-gov/

About the Author

Ginger Hill is Group Social Media Manager.

  • ONVIF is Reaching New Heights ONVIF is Reaching New Heights

    In this episode of SecurPod, Ralph C. Jensen and Leo Levit talk about the organization’s addition of GitHub and the milestone of more than 20,000 conformant products, as well as two Release Candidates. We also talk about the challenges ONVIF faced during this COVID-19 year and the biggest challenges they have faced.

Digital Edition

  • Security Today Magazine - May June 2021

    May June 2021

    Featuring:

    • Tapping into Touch-free Digital
    • Deep Learning
    • Working from Home
    • Body-worn Technology
    • A Tragic Turn of Events

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • Spaces4Learning
  • Campus Security & Life Safety