The security of HealthCare.gov has been breached by a hacker or hackers in July. The Centers for Medicare and Medicaid Service, which run the website, briefed congressional staff on the matter on Thursday.
“Our review indicates that the server did not contain consumer personal information, data was not transmitted outside the agency and the website was not specifically targeted,” said Aaron Albright, spokesman at the Centers for Medicare and Medicaid Services. “We have taken measures to further strengthen security,” The New York Times reports.
Fortunately, no private data has been stolen. An investigation discovered that a malware was installed on one of the computers running the website. The software was used to run distributed denial of service (DDoS) on other websites. Basically, a DDos attack means that servers receive so many legitimate requests at the same time that they cannot handle them. As a result, they crash.
The second open enrollment period on HealthCare.gov begins on November 15. According to the spokesperson, the July attack will have no impact on this process.
This is the perfect time for Republican representatives to attack the program which they did not supported from the start. “Designing a secure website should have been a top priority for this administration,” said Diane Black, representative of Tennessee.
In fact, the hacked computer was should not have been connected to the Internet. The computer’s role was that of hosting tests of new codes before implementing them on the on the official platform. The malware was detected at the end of August by Department of Health and Human Services employees. Probably the intention of the hacker was to use the computer to launch attacks on other websites.
Cybersecurity expert David Kennedy told Reuters he is deeply worried about the security of the website. As it was designed, he said, it will take a long time to get it fixed, because there are fundamental flaws lying at its core. Security analysts are worried that if a hacker managed to access the computer so easily, the private data stored on HealthCare.gov is not secured. They argue that the Government downplayed the severity of the attack, but as HealthCare.gov was hacked, this will fuel the debate on data protection.
The news could not have come at a worse time for cloud computing technology, as other major attacks have been undertaken recently. Personal data has been stolen from JPMorgan and the European Central Bank, Cnet reports.