Jump to content

healthcare.gov only 50% complete!


Rayj
 Share

Recommended Posts

The billling part is not even started! Enrollees have to make a payment by 15-Dec!!!!

 

There was a hearing of 4 independent IT security engineers. One of them got a

text during the hearing from one of his workers who uncovered 30 more vulnerabilities.

 

And the wreck keeps on rolling towards the cliff! Hilarious!

 

 

Link to comment
Share on other sites

More news...

 

Healthcare.gov ‘may already have been compromised,’ security expert says

 

Not only is healthcare.gov at risk, it may already have been compromised, a security expert testified before the Senate.

“Hackers are definitely after it,” said David Kennedy, CEO of information security firm TrustedSEC before a House Science, Space, and Technology committee hearing on security concerns surrounding the problematic Healthcare.gov website.

 

“And if I had to guess, based on what I can see … I would say the website is either hacked already or will be soon.”

Kennedy told FoxNews.com he based this on an analysis revealing a large number of SQL injection attacks against the healthcare.gov website, which are indicative of "a large amount" of hacking attempts.

'I would say the website is either hacked already or will be soon.'

- David Kennedy, CEO of information security firm TrustedSEC

"Based on the exposures that I identified, and many that I haven’t published due to the criticality of exposures – if a hacker wanted access to the site or sensitive information – they could get it," he told FoxNews.com.

 

A spokesman for the Department of Health and Human Services, which runs the nation's new healthcare website, did not immediately respond to a request to for more information.

One key problem facing Healthcare.gov is that security wasn’t built into the site from the very beginning, he said -- an opinion shared by both Kennedy and Fred Chang, the distinguished chair in cyber security at Southern Methodist University.

 

“There’s not a lot of security built into the site, at least that’s what we can see from a 10,000 foot view,” Kennedy told the committee. And although the site doesn’t house medical records, it integrates deeply with other sites, includes ecommerce information, and houses a vast array of data that presents a very salient target.

 

“It’s not only social security numbers … it’s one of the largest collections of personal data, social security and everything else, that we’ve ever seen,” Kennedy said.

Some members of the panel expressed surprise at the harsh words, noting that, among other things, people enter social security numbers all over the web. Congresswoman Eddie Johnson, D.-Texas, a member of the committee, noted too the ready availability of medical records in the past.

 

“Why is there such an outcry in this court when medical records have been so available [in the past],” she asked. “Is the healthcare industry lagging in these security measures?”

That’s exactly the case, said Avi Rubin, technical director of Johns Hopkins University's Information Security Institute. The healthcare industry is indeed woefully behind.

“It’s actually the most far behind in terms of security … there are even things in the operating room that surprise me. I think the healthcare it industry needs to learn a lot from some of the other industries to bring its security up to par,” Rubin said.

 

Rubin called for a security review of the site, but stopped short of calling for a complete tear down and rebuild of the healthcare.gov site. Others were less cautious.

“You can bolt a metal door on to make a house better, but if the foundation is bad…” Kennedy said.

 

All four cyber security experts unanimously concurred that, given the security issues, Americans should not use the site at present.

Link to comment
Share on other sites

Join the conversation

You are posting as a guest. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...