‘HealthCare.gov has continuing security frailties that put users' sensitive personal information at risk, a government watchdog is set to tell Congress this week.
Despite the federal government's efforts to protect the website from breaches, "weaknesses remained in the security and privacy protections applied to HealthCare.gov and its supporting systems," said the Government Accountability Office.
The agency released a report Tuesday on the security of the site, through which millions of Americans bought coverage under the health law last year and which millions more will be urged to use.
"Until these weaknesses are fully addressed, increased and unnecessary risks remain of unauthorized access, disclosure, or modification of the information collected and maintained by Healthcare.gov and related systems, and the disruption of service provided by the systems," according to the GAO report, published ahead of testimony to be given at a Thursday hearing of the Republican-led House Oversight and Government Reform Committee.
The warnings come two weeks after the Department of Health and Human Services disclosed that a hacker had broken into part of the site and uploaded malicious software during the summer.’
‘GAO said the CMS failed to ensure system-security plans were complete and was relying on a draft data-use agreement with a contractor tasked with verifying users' identities.
Moreover, the agency skipped some assessments of privacy risks and didn't perform comprehensive security testing of the HealthCare.gov system that used all of the security controls specified by the government ahead of the site's launch. Testing remained incomplete as of June 2014, GAO said.
The agency also hadn't set up an alternate processing site for HealthCare.gov systems that would allow them to be recovered in the event of a disruption, the watchdog found.
Other weaknesses included lax enforcement of password-strength requirements and inconsistent application of security patches to the system.
Certain systems supporting the site's infrastructure weren't restricted from accessing the Internet, which increased the risk that unauthorized users could get to data.
Moreover, one of the federal agency's contractors hadn't properly secured its administrative network, which could allow unauthorized access to the HealthCare.gov system.
Many of the problems stemmed from the agency's disagreements about security roles and responsibilities with the various contractors, states and federal agencies that exchange information as part of the HealthCare.gov system, the watchdog said.’ - Federal Health Care Website Faces Security Risks, Watchdog Finds, WSJ, 09/16/2014
Link to the entire article appears below:
Update 09/18/2014: Government Insider Warned of HealthCare.gov Security Risks: ‘I Am Tired of the Cover Ups’, dailysignal.com