Dive Brief:
- Security experts say that HealthCare.gov is extremely vulnerable to hacking attacks; one cybersecurity pro, TrustedSec CEO David Kennedy, says he accessed 70,000 HealthCare.gov records in 4 minutes. "It is insecure -- 100 percent," he observed.
- At a Congressional hearing last week on the issue, Kennedy said that of 17 already-known security holes, there has only been half of one vulnerability closed. Since those holes were identified, other security researchers have found an additional 20+ exposures on the site, according to blog Security is Sexy.
- The range of what hackers can access is wide, since other sites such as HHS and IRS technology are integrated into the site, making it easy to create a false online profile or otherwise misuse the information.
Dive Insight:
The sad reality is that you frequently have to weaken security to achieve convenience and integration. But in this case, it sounds like the feds have it way out of balance -- in fact, it sounds as though HealthCare.gov has more holes than a slice of Swiss cheese. Let's hope Accenture, who was put in charge of the site recently, is ready to bear down and close those holes with a vengeance.