‘A hacker broke into part of the HealthCare.gov insurance enrollment website in July and uploaded malicious software, according to federal officials.
Investigators found no evidence that consumers' personal data were taken or viewed during the breach, federal officials said. The hacker appears only to have gained access to a server used to test code for HealthCare.gov, the officials said.
The server was connected to more sensitive parts of the website that had better security protections, the officials said. That means it would have been possible, if difficult, for the intruder to move through the network and try to view more protected information, an official at the Department of Health and Human Services said. There is no indication that happened, and investigators suspect the hacker didn't intend to target a HealthCare.gov server.
The prospect nevertheless raised concerns among federal officials because of how easily the intruder gained access and how much damage could have occurred.’
‘Washington officials said they are concerned an intruder gained access to the HealthCare.gov network through a basic security flaw. The server had low security settings because it was never meant to be connected to the Internet, the HHS official said. When the hacker broke in, it was only guarded by a default password, which often is easy to crack.
"There was a door left open," the official said.
The department discovered the break-in weeks later on Aug. 25 during a daily security scan. Buried amid lines of computer log files were data showing the test server had been contacted by the outside Internet, which wasn't supposed to happen.
Lawmakers first raised security concerns about HealthCare.gov when it launched nearly a year ago. At the time, then-HHS Secretary Kathleen Sebelius said the department had a plan in the event of a security breach. Other hacking attempts reportedly have been made, but none appear to have been successful before this.
"It is full of data that criminals covet," said Rep. Joe Barton (R., Texas), who opposes the health-care law. "Handing private information over to the government is bad enough. People should at least know it won't fall into the hands of hackers."‘ - Hacker Breached HealthCare.gov Insurance Site, WSJ, 09/04/2014
The entire article appears in the link below: