Government Hackers Try To Crack HealthCare.gov

The government's own watchdogs tried to hack into HealthCare.gov earlier this year and found what they termed a critical vulnerability -- but also came away with respect for some of the health insurance site's security features.

Those are among the conclusions of a report released Tuesday by the Health and Human Services Department inspector general, who focuses on health care fraud.

The report amounts to a mixed review for the federal website that serves as the portal to taxpayer-subsidized health plans for millions of Americans. Open enrollment season starts Nov. 15.

So-called "white hat" or ethical hackers from the inspector general's office found a weakness, but when they attempted to exploit it like a malicious hacker would, they were blocked by the system's defenses.

HealthCare.gov had some advance warning of the hacking attempt -- a date range, but not specific times. HHS spokesman Kevin Griffis said the agency did not take additional precautions during that period.

The report came on the heels of the massive breach at Home Depot stores, which affected 56 million credit and debit cards. The inspector general's office released a public version that summarizes detailed findings delivered to the Obama administration.

It concludes that more work needs to be done to bolster security. Last week, the congressional Government Accountability Office released similar conclusions after its own review.

The inspector general found that the administration "has taken actions to lower the security risks associated with HealthCare.gov systems" and consumers' personal information.

But the auditors said they "remain concerned" about the use of encryption technology that is not certified to meet certain government standards. Encryption refers to the encoding of data traveling back and forth between consumers and HealthCare.gov to make it more secure.

In its formal response, the administration said it has taken other actions to resolve the encryption issue.

The inspector general's office tried to break...

Comments are closed.