Security Expert: No Security Built Into Obamcare; Flaws Are Big Enough to Permit Hackers to Use Healthcare.gov to Hack Users' Computers; Could Take a Year to Fix Even Just the High-Priority Flaws

Good God. Video at the link, and it's worth watching.

"We're talking multiple months to over a year to at least address some of the critical-to-high exposures on the website itself."

And that's just to fix the big holes in security, nevermind closing the smaller exploits.

This expert's advice? If you like your identity, you should keep your identity off Healthcare.gov. Period.

“They said they implemented over 400 bug fixes,” he said. “When you recode the application to fix these 400 bugs—they were rushing this out of the door to get the site at least so it can work a little bit—you’re introducing more security flaws as you go along with it because you don’t even check that code.”

“I’m a little bit more skeptical now, and I would still definitely advise individuals to not use the website because it’s definitely something that I don’t believe is secure and neither did the four individuals that testified in front of Congress,” Kennedy said. “I think there’s some major security concerns there around privacy and information, and they haven’t even come close to being addressed, and won’t be in the short term.”

It gets worse, actually. The expert (a white-hat hacker) notes that the federal government is not required to inform users when their security has been compromised.

“States are required to notify in the event of a breach, the federal government is not,” he added. “So in the event that Healthcare.gov gets compromised and all their information gets taken out of it they don’t have to notify anybody.”

I think we can safely predict that Obama will hide this information from the victims of his site, as he's hidden all information from "Obamacare's losers" already.

Legislation Required: The bills floating around Congress should remedy this defect and include a command that victims of security breaches be alerted, and the public generally apprised of how many breaches occur.

And throw in a criminal penalty for responsible officials should they choose to conceal such breaches.

posted by Ace at 03:46 PM

| Access Comments