Hacked: Where Did Healthcare.gov Go Wrong?

Healthcare.gov has been hacked. The U.S. Department of Health and Human Services (HHS) has confirmed that part of the site was breached in July by hackers who uploaded malware to a test server.

A security team at the Centers for Medicare and Medicaid Services (CMS), a unit of HHS, discovered the breach last week. So what happened? An HHS official told CBS News that the hacker was traced to a foreign IP address but is not believed to be a state actor.

EUOur review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the Web site was not specifically targeted," HHS said in a written statement. "We have taken measures to further strengthen security.EU

Where Did IT Go Wrong?

The Wall Street Journal was the first to break the story on Thursday. Now, reaction is pouring in from politicians and security experts alike.

House Oversight and Government Reform Committee Chairman Darrell Issa was critical of the administration, which was aware of a glitch that Arizona software tester Ben Simo found last year. The glitch offered a way for bad actors to hack into users' accounts.

EUConsidering this administration launched Healthcare.gov over the objections of CMS, itEUs unsurprising that the Web site has suffered a EUmalicious attack,EUEU said Issa, a California Republican. EUFor nearly a year, the administration has dismissed concerns about the security of Healthcare.gov, even as it obstructed congressional oversight of the issue.EU

According to CNN, the breach happened because of a series of mistakes. The news group reports that a computer server that routinely tests portions of the Web site was not set up correctly.

EUIt was never supposed to be connected to the Internet -- but someone had accidentally connected it anyway,EU CNN reported. EUThat left it open to attack, and on July...

Comments are closed.