Healthcare.gov Exposed Confidential Information

Healthcare.gov Exposed Confidential Information

The security glitch in the original design of healthcare.gov has been fixed. At least that’s what a spokesman from Medicare and Medicaid said; however, after “eliminating this theoretical vulnerability,” crucial user information was exposed to anyone with basic web skills.

Healthcare.gov Exposed Confidential InformationThe site’s function that allows users to reset their password could be manipulated, allowing hackers to figure out if certain usernames were in use and what email address was associated with specific user names. This is extremely helpful for healthcare fraudsters to target unknowing people to gain fraudulent benefits.

According to an internal memo from the U.S. Center for Medicare and Medicaid Services, the security control assessment was only partly completed but assured that a “dedicated security team” would be assigned to monitor risks, conduct weekly scans and within 60 to 90 days after going live, “conduct a full-scale SCA test.” Thus, the memo did not detail any security concerns, and Marilyn Tavenner, director of the agency, thought the site was ready to go for its October 1st rollout date. In fact, healthcare.gov was tested with the results giving comfort in its performance.

Hackers have used password resets for some time now to gain access to confidential information…private information that purchasers of health insurance must provide…so this incident makes me wonder why the government wasn’t more careful when establishing this function on heathcare.gov.

Other security concerns have also been found on the site, including transmitting account information without encryption.

Sources:

http://www.theverge.com/2013/10/30/5046482/security-hole-in-healthcare-gov-exposed-user-email-addresses 

http://www.cnn.com/2013/10/30/politics/obamacare-website-warning-memo/index.html?hpt=hp_t1

http://swampland.time.com/2013/10/28/exclusive-password-reset-security-glitch-fixed-on-healthcare-gov/

About the Author

Ginger Hill is Group Social Media Manager.

  • The Z-Wave Alliance Focuses on the Residential Market The Z-Wave Alliance Focuses on the Residential Market

    Mitchell Klein serves as the executive director of the Z-Wave Alliance, an industry organization that drives numerous initiatives to expand and accelerate the global adoption of smart home and smart cities applications. In this Podcast, we talk about the 2022 State of the Ecosystem, and the fact that technology has brought about almost unimaginable residential security resources. The Alliance also provides education resources as well as looking at expanding technology.

Digital Edition

  • Security Today Magazine - May June 2022

    May / June 2022

    Featuring:

    • The Ying and Yang of Security
    • Installing Smart Systems
    • Leveraging Surveillance
    • Using Mobile Data
    • RIP Covid-19

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • Spaces4Learning
  • Campus Security & Life Safety