Wednesday, January 28, 2015
Healthcare.gov, Third-party Embedded Websites and Information Security
‘A little-known side to the government's health insurance website is prompting renewed concerns about privacy, just as the White House is calling for stronger cybersecurity protections for consumers.
It works like this: When you apply for coverage on HealthCare.gov, dozens of data companies may be able to tell that you are on the site. Some can even glean details such as your age, income, ZIP code, whether you smoke or if you are pregnant.
The data firms have embedded connections on the government site. Ever-evolving technology allows for individual Internet users to be tracked, building profiles that are a vital tool for advertisers.
Connections to multiple third-party tech firms were documented by technology experts who analyzed HealthCare.gov, and confirmed by The Associated Press. There is no evidence that personal information from HealthCare.gov has been misused, but the number of outside connections is raising questions.
"As I look at vendors on a website...they could be another potential point of failure," said corporate cybersecurity consultant Theresa Payton. "Vendor management can often be the weakest link in your privacy and security chain."’ - New privacy concerns over government's health care website, myway.com, 01/20/2015
Link to the entire article appears below: