Obama can’t say he wasn’t warned: Oh, look, the federal Obamacare exchange website was hacked in July

It may not be as headline grabbing as nude photos of celebrities that were lifted from Apple’s iCloud service, but a breach of Healthcare.gov, the federal Obamacare exchange, brings serious concerns about the security of the system as the Obama administration approaches the next open enrollment period.

The New York Times reports that, in July, hackers uploaded malware to a test server, one connected to Healthcare.gov, though they didn’t steal any information belonging to consumers:

The administration informed Congress of the violation, which it described as “an intrusion on a test server” supporting the website.

“Our review indicates that the server did not contain consumer personal information, data was not transmitted outside the agency and the website was not specifically targeted,” said Aaron Albright, a spokesman at the Centers for Medicare and Medicaid Services, which runs the website. “We have taken measures to further strengthen security.”

Mr. Albright said the hacking was made possible by several security weaknesses. The test server should not have been connected to the Internet, he said, and it came from the manufacturer with a default password that had not been changed.

In addition, he said, the server was not subject to regular security scans as it should have been.

Keep in mind that some members of Congress, mostly Republicans, and tech security experts raised concerns about the potential for breaches on the federal Obamacare exchange, which serves three-dozen states. In short, the fact that there was a breach isn’t a big surprise. But the most concerning part of the attack, outside of the fact that it went unnoticed until August 25, is that the hackers weren’t really trying:

“This was a botnet exploit, but you can be assured that had this been a more targeted attack, it would have been much more successful, stealthy and effective,” said Wayne Jackson, the chief executive of Sonatype, a software security firm.

Looks like the next Obamacare open enrollment period will be complicated for more reasons than just a shorter sign-up period and higher premiums.


The views and opinions expressed by individual authors are not necessarily those of other authors, advertisers, developers or editors at United Liberty.