Dive Brief:
- While last year's disastrous launch of HealthCare.gov didn't allow for complete security testing, this year managers are working to meet far more rigorous standards.
- One improvement is that this year, the site is now run on a host that meets strict government standards for cloud computing.
- Leaders at HealthCare.gov are also doing daily security scans and weekly "white-hat" hacking attacks to simulate real intrusions and see whether they succeed. Homeland Security is also helping with its detection and defense capabilities.
Dive Insight:
Making sure that HealthCare.gov's data is secure is absolutely critical, and not just because people who use it are legally and ethically entitled to privacy. In recent years healthcare identity fraud has become a burgeoning industry, with such data selling at 10 times the price of credit card information. Stealing healthcare data is a global business, and sophisticated cyberattacks on sites that carry it can happen at any time.
Of course, no one can guarantee with absolute certainty that HealthCare.gov will never succumb to a cyberattack. (Top security experts frequently note that there's no such thing as perfect security, and that every site has hidden vulnerabilities.) But it's good to see that HealthCare.gov's management team is at least doing what it can.