Wednesday, July 09, 2014

ObamaCare Exchange Hacked : Officals Say 'Not to Worry' - Really?

'Rest assured the enrollees private information is secure' does not install confidence given how much incompetence is known among websites that serve ObamaCare. And if this isn't enough, having a government official explaining security and their isn't anything to worry about, is ludicrous, laughable. 

What government official that has found themselves in a jam ever, ever told the truth?

Vermont Exchange Hacked
Source: Jillian Kay Melchior, "Another Security Breach for Obamacare," National Review, July 1, 2014.

July 8, 2014

The Vermont health exchange's development server was attacked last December by a Romanian hacker, according to National Review.

While the technology firm in charge of the state's exchange, CGI Group, said the hacker did not access any servers that contained private consumer information, security expert Michael Gregg warns that it is possible that the attacker went on to access other parts of the exchange without detection.

The hacker accessed the server at least 15 times and went undetected for an entire month.
How did the hacker gain access to the server in the first place? The default password for the server had never been changed, and the server was not restricted to only approved users.

A European internet registry has already associated the hacker's IP addresses with other attacks, spam and malware. Had Vermont Health Connect been following best practices, says Gregg, it would have already blocked such potentially threatening IP addresses.

Vermont healthcare reform chief Lawrence Miller said that the highly compressed time frame in which the exchange was developed could have been a factor in the breach, noting that the hacked server was not protected by firewalls as it should have been.

In spite of these security lapses, Miller claims that Vermont residents ought to have confidence in the exchange to protect their private information, contending that no organization can ever make the chance of a security breach an impossibility.
 

No comments: