Obamacare Website Is a Security Nightmare
Timothy McGovern /
The Obama administration is urging its supporters to make the most of the holidays by turning family dinners and other social gatherings into platforms for boosting enrollment in Obamacare.
Supporters can even log on to a working website for talking points that can help them push loved ones including those who, due to Obamacare regulations, have lost “the insurance they liked” to sign up for health insurance through HealthCare.gov.
If you find yourself being pressured at the dinner table to “sign up now,” take a deep breath and consider the risks before going online.
HealthCare.gov debuted Oct. 1 and, overnight, became the new poster child for government ineptitude. From its propensity to crash to its multitude of security problems and bureaucratic inefficiencies, it provided a seemingly inexhaustible supply of material for late night comedians.
But the site is no laughing matter. It is a security nightmare, one that leaves users’ personal information vulnerable to hackers and others. And that vulnerability appears to be open-ended.
In late October, a North Carolina man accidently discovered a security breach on the site: It allowed him to access a stranger’s private enrollment and subsidy information. The user Justin Hadley immediately contacted the Department of Health and Human Services about the breach, and asked them to remove his own account from the site to protect his own information. After weeks of waiting, his information account was finally deleted in mid-November.
And when it comes to security, state health exchange sites haven’t fared much better.
Officials at CoverOregon, Oregon’s health exchange, are reviewing their privacy protections after workers there committed three personal data breaches in three days. Vermont officials overseeing the state’s health exchange website confirmed a security breach there that gave one user improper access to another’s Social Security number and other data.
Two months after HealthCare.gov’s disastrous debut, the administration claimed the site had made “dramatic progress” and was, essentially, “fixed.” But those assurances addressed only the site’s ability to handle more traffic without going into cardiac arrest.
While the metrics the government used to declare HealthCare.gov “fixed” are fine as far as they go, they are woefully incomplete. Notably missing is any metric addressing security.
On Nov. 19, four IT experts testified before the House Committee on Science, Space and Technology. All agreed that HealthCare.gov was a security nightmare that presented unacceptable risks to users. One went so far as to dub the website “IdentityTheft.gov.”
Since then, of course, the administration once again has pronounced the website “fixed.” Unfortunately, it “doesn’t appear that any security fixes were done at all,” says David Kennedy, CEO of the online security firm TrustedSec.
Indeed, Kennedy told The Washington Free Beacon, the “fixes” made to increase the site’s capacity may have left the site even less secure. His professional advice? “I would still definitely advise individuals to not use the website.”
And the website isn’t the only source of security concerns over the Obamacare enrollment process. Obamacare navigators nearly 50,000 people contracted by the government to help consumers wade through the insurance process and select a plan never had to undergo background checks.
Folks who disclose their personal financial and medical information to navigators during the sign-up process may leave themselves wide open to fraud and identity theft.
Stealing a medical identity is more lucrative than other kinds of identity theft. Consumers are left facing bogus charges and ruined credit scores.
Whether flying solo on HealthCare.gov or enlisting the aid of a navigator, the security risks of signing up for Obamacare remain sky high. All Americans and especially the young might want to hold off for a while until you get an official “all clear.”
You wouldn’t settle for a half-baked Christmas dinner. Why take a chance on the half-baked HealthCare.gov?
Originally distributed by McClatchy-Tribune News Service