Dive Brief:
- The Government Accountability Office (GAO) released a report that found 316 security incidents occurred between October 2013 and March 2015 on HealthCare.gov. However, no personal information was released and most incidents involved electronic probing by hackers.
- Security weaknesses were identified in the data services hub, which verifies consumers' personal information with federal agencies like Social Security, Homeland Security, and the IRS. There were also "significant weaknesses" in state health insurance sites that connect to the data hub.
- The data hub has been operating smoothly even when the consumer portal of HealthCare.gov crashed when initially launched in 2013.
Dive Insight:
Some additional security issues the GAO reported include:
- inconsistent use of security fixes
- insufficient restrictions on "administrator privileges"
- insecure administrative network
- improperly secured personal information
HHS responded to the GAO stating consumer data security and privacy is a top priority and accepted the agency's 27 recommendations, which were not released to the public, according to The Associate Press.