News & Resources

Is Healthcare.gov secure from hacking, identity theft?

Dec 12, 2018 Dave King

Is Healthcare.gov secure from hacking, identity theft?

The popularity of the new health care online marketplace is undeniable. According to The Washington Post, 4.7 million users visited the new Healthcare.gov site within 24 hours of its initial launch.

However, that success was not without its problems. The news source also reported that the site had a string of technical difficulties, not the least of which was its inability to load at all for many users and blocking some consumers from signing up for insurance.

Now, those technical issues seem to be the most benign of the Healthcare.gov bugs the government's programmers will need to work out. According to CNN, Rep. Mike Rogers, Chairman of the House Intelligence Committee, told Candy Crowley on the news provider's television show "State of the Union" that he felt the site may be vulnerable to hacking attempts that could jeopardize the security of citizens' identities and consumer credit data.

"It was very clear to me in the hearing that they do not have an overarching, solid cybersecurity plan to prevent the loss of private information," Rogers said on the show, according to the news source.

Further, the Michigan representative was concerned that the site's vulnerabilities may be deeply systemic rather than surface-level.

"The way that the system is designed, it is not secure. They may have to redesign the entire system," remarked Rogers, CNN reported.

A short history of security troubles


Rogers is not the first to voice concerns about how the system protects consumers' sensitive information. MNSure, Minnesota's new state-run health care online marketplace, came into national focus recently as an employee mistakenly forwarded an unencrypted document containing the names, Social Security numbers and other identifying data of more than 2,400 of the state's insurance agents, according to CBS News.

More recently, that same site came under fire when it was discovered that citizens who block access to their consumer credit reports for fear of identity theft could not apply for insurance, as the security measure also blocked MNSure's attempts to verify an applicant's identity through a credit check, Minnesota Public Radio reported.

After the federal site launched, Mother Jones pointed out that Healthcare.gov contained a security flaw that left it open to the possibility of clickjacking. Using this method, hackers could exploit code vulnerabilities to embed malicious links in the legitimate site, so that when users entered their private information, the thieves would see it too.

Sebelius responds
In response to concerns of this kind, the Administration's Secretary of Health and Human Services Kathleen Sebelius recently wrote on the federal agency's official blog, acknowledging some of the site's difficulties but assuring the public that their data is secure. In doing so, she pointed out that the system's Data Services Hub does not keep consumer information in one centralized location.

"It's important to understand that the Hub is not a database. It doesn't retain or store information. And the Hub queries only those systems necessary to determine your eligibility for what you apply for," Sebelius wrote.

Rather, Sebelius noted, the Hub routs information stored in a variety of governmental departments' databases in order to process citizens' insurance applications.