Nonpartisan congressional investigators announced on Wednesday that Healthcare.gov, a website that is used by millions of users to get health insurance under President Barack Obama’s law has reported more than 300 cyber security breaches and still remains vulnerable.
However, the Government Accountability Office reported that none of those breaches have leaked personal data such as names, birthdays, SS numbers, financial information or other personal information.
Those incidents, that are collectively done over the course of 18 months, seem to involve electronic probing of hackers. Even though GAO said that the Administration is working on its security flaws, Healthcare.gov will still continue to jeopardize the personal information of its users.
Expert cybersecurity investigators found out the weaknesses that are responsible for protecting information flows in the system, called the data services hub. The hub pings different agencies such as Social Security, IRS, and Homeland Security to verify the personal information of the users.
With that, it is found out that other health insurance sites that connect to the data hub propose the same weakness. Government sites are frequent targets for hackers, and Healthcare.gov is not an exception.
The flaws that can be seen in the data hub is that there are insufficient tight restrictions on administrator privileges that hackers utilize to have a broader access to the system, inconsistency of security fixes and an unsecured administrative network.
In conclusion, 41 of those breaches are personal information that is not secured properly resulting to be shown on someone that is not authorized to see it. However, those cases will only do moderate impact on users.