Monday, November 04, 2013

IT BEGINS: Major Security Breaches Reported on Healthcare.gov

I've got good news and bad news for Healthcare.gov: the site works once in a while, but now I'm seeing someone else's personal health data.

WIS-TV in Columbia, South Carolina reports the details of a major security breach on the main Obamacare website:

About a month ago, attorney Tom Dougall logged on to healthcare.gov to browse for cheaper insurance for him and his wife.

On Friday, the last thing he expected to hear on his voicemail was a man from North Carolina who says he can access all of Tom's personal information... Dougall says he thought it was a scam until he realized his privacy had been breached.


"I believe somehow the ACA, the Healthcare website has sent me your information, is what it looks like," said Justin Hadley, a North Carolina resident who could access Tom's information on healthcare.gov. "I think there's a problem with the wrong information getting to the wrong people."

..."I tried to call healthcare.gov last night and they have no procedure whatsoever to handle security breaches," he said. "All they can do is try to sell you a policy."

Dougall has also contacted his congressmen. He says he's calling the Department of Health and Human Services directly on Monday.

"They're so concerned with trying to fix the problems they currently have that they refuse to acknowledge or won't acknowledge that there's been a major breach," Dougall said...

This should come as no surprise for a website that was basically broken from the get-go.

Moments ago, CBS News's brilliant investigative reporter Sharyl Attkisson reported that "HealthCare.gov ducked final security requirements before launch":

The health care website went down again Monday for an hour and a half, and no one is sure why. It's being taken offline on purpose every night from 1 a.m. to 5 a.m. for repairs. Millions are still having trouble buying insurance on it, and it turns out that even when the website works, it may not be secure enough to protect privacy.

As HealthCare.gov was being developed, crucial tests to ensure the security and privacy of customer information fell behind schedule.

CBS News analysis found that the deadline for final security plans slipped three times from May 6 to July 16. Security assessments to be finished June 7 slid to August 16 and then August 23. The final, required top-to-bottom security tests never got done.

...[In fact,] four days before the launch, the government took an unusual step. It granted itself a waiver to launch the website with "a level of uncertainty ... deemed as a high (security) risk.

Let me guess: the loathsome and freakish architect of Obamacare named Ezekiel Emanuel will now blame the users themselves for the data breaches, just as he blames insurance companies and the private sector for his catastrophic, stillborn brainchild.


Hat tip: BadBlue News.

6 comments:

Mike aka Proof said...

Obama not only believes that everyone should have healthcare, but that everyone should also have their own identity thief. Then, we will have achieved true equality!

Dapandico said...

Where are the SC Democrats?

South Carolina Democrats are planning what they are calling vigils around the state coinciding with the anniversary of the hacking of the tax returns of millions of South Carolinians.

Democratic Party Chairman Jaime Harrison held a news conference in Charleston Monday on the one-year anniversary of Gov. Nikki Haley announcing that unencrypted information was hacked from returns of nearly 4 million adults, almost 2 million of their dependents and 700,000 businesses.

Harrison, who observed 10 seconds of silence, called Haley's handling of the hacking a failure of leadership.


http://www.wistv.com/story/23747713/sc-democrats-plan-vigils-for-hacking-anniversary

ADT Calgary said...

They'll figure it out.

Cliff M said...

"They'll figure it out" Was that sarcasm? I didn't see a sarc tag. If it wasn't, then I would like to know to whom you are referring to that will "figure it out" would that perhaps be flying butt monkeys heralding the arrival of Master Geek class Yetis riding Unicorns down the sparkling Rainbow bridge of Magical progressive thought? Can you even try to internalize a small part of the extent of the calamity this horrid law has, and will do to this nation?

Andrew_M_Garland said...

"The health care website is being taken offline on purpose every night from 1 a.m. to 5 a.m. for repairs."

This strongly suggests that there is no system test arrangement for running and testing Healthcare.gov in parallel to the public website.

This would arise from not building in a software switch which would allow a back-end server to run the combined code for testing, without being altered by public access. A back-end server is a computer which implements the website.

This doesn't bode well, because it implies that daily development cannot be tested without disconnecting the public interface. How did they expect to continue development after the site went live?

EasyOpinions

Novel Technical Hub said...

Obamahealth care are totally failed and this insurance not provides best services. I don't know why can't the government just see that.
___________
http://www.whywaitintheer.com/