Sunday, September 7, 2014

HealthCare.gov Hacked

HealthCare.gov is a website that was created following the Patient Protection and Affordable Care Act (commonly known as “ObamaCare”). The idea was to create a health insurance exchange website, operated by the government, that would help individuals get private health insurance through subsidies and other forms of cost assistance.

The website rolled out on October 1st of 2013, and since then has faced numerous technical problems. Many people had trouble even accessing the website as it faced some serious downtime. Once on the site, others had trouble getting the website to accept their applications for health insurance. Much of the public raised significant concern over how much was spent on the website and who had won the contract. A number of federal contractors worked on the site and had received over $500 million dollars as of October of 2013. In July of 2014, the Government Accountability Office released a study that concluded the problems were due to ineffective planning and lack of project oversight from the government. Over the past year, most of these problems have been resolved and the website is functioning as originally designed.

Recently it was announced that the HealthCare.gov site was hacked during the summer of 2014. Hackers were able to silently infect one of the HealthCare.gov servers with a piece of malware. The Health and Human Services department, who is in charge of managing the website, launched a full scale investigation into what data and information was compromised. Their review luckily turned up that the server in question did not contain any personal information. The review also showed that the malware did not transmit any data out of the server to an external site. This means the malware was not specifically targeting HealthCare.gov or attempting to get data from it. The malware was instead designed to turn the server into a zombie machine, one that sends out spam and viruses to other computers and servers.

The fact that this malware was able to get on the server is particularly concerning, given the number of Americans who trusted their information to this government funded website. In an attempt to ease fears that may have been caused by this malware infection, the government explained how this intrusion happened. It was caused by several different mistakes. The server was one that constantly tests different portions of the website to make sure everything is functioning as it should be. As a testing server, it was never supposed to be connected to the internet. It was inadvertently connected which let it be susceptible to the intrusion. The malware was put in place on July 8th but it was not found until over a month later. The website has a security team, that supposedly does daily checks for any types of intrusions, did not find the malware until August 25th. The Federal Bureau of Investigations and Department of Homeland Security are both investigating who planted the malware but it looks like it came from various overseas IP addresses. The Health and Human Services department has promised they will take “measures to further strengthen security” on the HealthCare.gov website.

No comments:

Post a Comment