The Security Hot Seat: HealthCare.gov
Welcome to our newest blog feature, The Security Hot Seat. Every Monday we will put a person or organization in the Hot Seat based on the security news of the past week. We picked quite a week to kick this off!
First there was the UPS store breach, then came JP Morgan Chase. We could have put any number of Hollywood celebs in the seat with the SelfieGate incident, but given the nature of the images we felt that would have been in poor taste. Home Depot was also a clear contender given the speculation that their breach could be broader than Target’s when all is said and done. But we ultimately went with HealthCare.gov.
An outside attacker broke into the HealthCare.gov insurance website in July and uploaded malicious software to a test server, according to federal officials, as reported by the Wall Street Journal last week. "Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted," HHS said in a written statement. With mid-term elections around the corner and given all their past technical woes, this was the last thing HealthCare.gov needed. Sure, no data was lost (this time), but the fact that the test server was connected to the Internet, didn’t have any security software, and was protected by the manufacturer's default password makes their security team look like a bunch of amateurs. This registration site serves almost 5 million US consumers in 36 states – better batten down those security hatches, HealthCare.gov, you are still a ripe target for hackers.