Is it safe to shop HealthCare.gov?
So, we’re all required to have medical insurance, but at what costs? Now there are concerns that following the Obamacare law, specifically by shopping on HealthCare.gov, could compromise the privacy of individuals.
According to the Associated Press, Obama administration officials are facing mounting questions about whether they cut corners on security testing while rushing to meet a self-imposed deadline to launch online health insurance markets.
Documents show that the part of HealthCare.gov that consumers interact with directly received only a temporary six-month security certification because it had not been fully tested before Oct. 1, when the website went live. It’s also the part of the system that stores personal information.
The administration insists the trouble-prone website is secure, but technicians had to scramble to make a software fix earlier this week after learning that a North Carolina man tried to log on and got a South Carolina man’s personal information. A serious security breach would be an unwelcome game-changer for an administration striving to turn the corner on technical problems that have inconvenienced millions of consumers and embarrassed the White House.
The website was supposed to provide easy access to a menu of government-subsidized coverage options under President Barack Obama’s health care law. Administration officials say they remain confident it is secure.
It was not immediately clear how the North Carolina man was able to view the personal information of the man in South Carolina. However, a vulnerability that has afflicted websites for years is known as “horizontal privilege escalation,” in which a legitimate user of a website slightly alters the string of random-looking characters in the website’s address or inside downloaded data files known as “cookies,” causing the system to display information about the accounts of other users. It can be protected against by a well-designed website.
The administration has declined to explain what happened and how the problem was fixed. A Health and Human Services department official, speaking on condition of anonymity to discuss operations, said they have no evidence such a scenario was involved.
According to federal law and policy, all government computer systems must have a security certification before going live.
HealthCare.gov has two major components: an electronic “back room” that did get full security certification and the consumer-facing “front room” that’s temporarily certified.
The back room, known as the federal data hub, pings government agencies to verify applicants’ personal information. It does not store data.
But the front room does. That’s where consumers in the 36 states served by the federal website create and save their accounts. While the individual components of the front room did undergo security testing, the system as a whole could not be tested because it was being worked on until late in the game.
Some of the strongest supporters of the health care law have expressed unease over security. “This is a paramount concern,” said Iowa Democratic Sen. Tom Harkin, chairman of the Senate Health, Education, Labor and Pensions Committee. “Consumers have to be absolutely certain that when they go on and they fill out that application … no one can hack into that and steal their Social Security numbers or identity.”
Short URL: http://www.jenningsdailynews.net/?p=23563