Sunday, September 7, 2014

ACA/Obamacare: Weeks Go By Before Detects Hacker Breaching Security and Uploading Malware

‘A hacker broke into part of the insurance enrollment website in July and uploaded malicious software, according to federal officials.

Investigators found no evidence that consumers' personal data were taken or viewed during the breach, federal officials said. The hacker appears only to have gained access to a server used to test code for, the officials said.

The server was connected to more sensitive parts of the website that had better security protections, the officials said. That means it would have been possible, if difficult, for the intruder to move through the network and try to view more protected information, an official at the Department of Health and Human Services said. There is no indication that happened, and investigators suspect the hacker didn't intend to target a server.

The prospect nevertheless raised concerns among federal officials because of how easily the intruder gained access and how much damage could have occurred.’

‘Washington officials said they are concerned an intruder gained access to the network through a basic security flaw. The server had low security settings because it was never meant to be connected to the Internet, the HHS official said. When the hacker broke in, it was only guarded by a default password, which often is easy to crack.

"There was a door left open," the official said.

The department discovered the break-in weeks later on Aug. 25 during a daily security scan. Buried amid lines of computer log files were data showing the test server had been contacted by the outside Internet, which wasn't supposed to happen.

Lawmakers first raised security concerns about when it launched nearly a year ago. At the time, then-HHS Secretary Kathleen Sebelius said the department had a plan in the event of a security breach. Other hacking attempts reportedly have been made, but none appear to have been successful before this.

"It is full of data that criminals covet," said Rep. Joe Barton (R., Texas), who opposes the health-care law. "Handing private information over to the government is bad enough. People should at least know it won't fall into the hands of hackers."‘ - Hacker Breached Insurance Site, WSJ, 09/04/2014

The entire article appears in the link below:



No comments:

Post a Comment