HealthCare.gov Faces Security Breach Scare

A test version of the government’s health insurance site was hacked

• By Matt Holden
• Sep 08, 2014

According to a report, hackers breached the website of HealthCare.gov, the government’s health insurance marketplace. Obama administration officials said that no personal information on customers was stolen. They described the attack as an intrusion on a test server that was supporting the site.

“Our review indicates that the server did not contain consumer personal information, data was not transmitted outside the agency and the website was not specifically targeted,” said Aaron Albright, a spokesman at the Centers for Medicare and Medicaid Services, in the story. “We have taken measure to further strengthen security.”

There were several weaknesses that led to the attack, including: the test server was connected to the internet when it should not have been, it came from the manufacturer with a default password that had not been changed, and the server was not subject to regular security scans as it should have been.

The site has been a point of contention for many government officials, and security is a major reason why.

“Despite numerous warnings from myself and other lawmakers that security breaches were possible, HealthCare.gov underwent virtually no independent security testing,” said Senator Orrin G. Hatch of Utah, the senior Republican on the Finance Committee, in the story.