U.S. healthcare website has security bugs, expert warns Congress
Source: Reuters
The website at the center of U.S. President Barack Obama's healthcare overhaul has security flaws that put user data at "critical risk" despite recent government assurances it is safe to use, a respected security expert said on Tuesday.
"There are actual, live vulnerabilities on the site now," David Kennedy, head of computer security consulting firm TrustedSec LLC, told Reuters before testifying at a congressional hearing on the topic "Is My Data on HealthCare.gov Secure?"
Kennedy, a former U.S. Marine Corps cyber-intelligence analyst, presented a 17-page report describing the problems to the House Science, Space and Technology Committee. It does not go into specifics in some areas, he said, because that could provide criminals with a blueprint for launching attacks.
The website is an online exchange that allows consumers to shop for insurance plans under Obama's Affordable Care Act, which mandated that Americans have health insurance and created new marketplaces to buy and sell policies.
Read more: http://www.reuters.com/article/2013/11/19/us-usa-healthcare-security-idUSBRE9AI0NR20131119
Iliyah
(25,111 posts)
although some of those breaches I believe are GOPers in nature.
valerief
(53,235 posts)
bocephus0706
(27 posts)
And got his start with the NSA. Hmmmmm
Myrina
(12,296 posts)
Were there no serious and objective IT firms available for this program?
MisterP
(23,730 posts)
TwilightGardener
(46,416 posts)
"Republicans opened a second front in their political battle against President Barack Obama's healthcare program on Tuesday, with a coordinated effort to convince Americans not only that its main enrollment website is broken but that personal data is vulnerable to theft.
In a Republican-sponsored hearing in the U.S. House of Representatives, three security experts said HealthCare.gov has security flaws that put user data at risk despite government assurances."
quadrature
(2,049 posts)
best to wait until there
is a security 'all-clear'
be safe
PSPS
(13,579 posts)
But I'm sure he can provide just the fixes that are needed, right?
Jesus Malverde
(10,274 posts)
To me as a programmer it's weird to see the site load all these libraries hosted on private external servers. Hack any of them and you have hacked healthcare.gov.
//dnn506yrbagrg.cloudfront.net/pages/scripts/0011/1179.js?384697
//s.ytimg.com/yts/jsbin/www-widgetapi-vflyFvlBB.js
//stats.g.doubleclick.net/dc.js
www.googletagmanager.com/gtm.js?id=GTM-FQF
//rum-static.pingdom.net/prum.min.js
//plus.google.com/112755994883163074657
//cdn.optimizely.com/js/166688199.js
google-analytics.com
//static.chartbeat.com/js/chartbeat.js
These are actual, live vulnerabilities on the site now.
Some more technical info http://builtwith.com/?https%3A%2F%2Fwww.healthcare.gov%2F
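An added example, not part of the thread or of any code from the site: one way a site owner can inventory the third-party script dependency described in the last post, listing every `<script>` loaded from another host and whether it is pinned with a Subresource Integrity (`integrity`) hash. The sample HTML is constructed (its script URLs are taken from the list in the post, and the `integrity` value is a placeholder); the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page; script URLs come from the list in the post above.
SAMPLE_HTML = """
<html><head>
<script src="/assets/app.js"></script>
<script src="//cdn.optimizely.com/js/166688199.js"></script>
<script src="//static.chartbeat.com/js/chartbeat.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="//stats.g.doubleclick.net/dc.js"></script>
<script>var inline = 1;</script>
</head></html>
"""

class ScriptAudit(HTMLParser):
    """Collects <script src> tags whose host differs from the page's host."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        src = a.get("src")
        if not src:                      # inline script, nothing fetched
            return
        full = urljoin(self.page_url, src)   # resolves //host/path and /path
        host = urlsplit(full).hostname
        if host == self.page_host:       # first-party, out of scope here
            return
        self.findings.append(
            {"host": host, "url": full, "sri": bool(a.get("integrity"))})

def audit(html, page_url):
    parser = ScriptAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

def unpinned_hosts(findings):
    """Hosts whose compromise could change what the page executes."""
    return sorted({f["host"] for f in findings if not f["sri"]})

if __name__ == "__main__":
    for f in audit(SAMPLE_HTML, "https://www.healthcare.gov/"):
        print("pinned  " if f["sri"] else "UNPINNED", f["url"])
```

Integrity pinning only suits scripts whose bytes are stable; vendor scripts that change without notice (analytics, tag managers) cannot be pinned and are better self-hosted or kept off pages that handle personal data.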