Experts’ warnings about the Obamacare website’s complete lack of security apparently have been justified. The website reportedly gave at least three unknown individuals access [1] to a woman’s Social Security number, address and other data that could be used for identity theft.
Customer service operators at Healthcare.gov’s 1-800 number told Lisa Martinson about the unauthorized access when she called in to change her password [2], St. Louis TV station Channel 4 reported. When Martinson asked for her information to be removed from the site she was told it would take five days.
“If you’re signing up on healthcare.gov your information could be accessed by complete strangers,” Steve Savard an anchor at Channel 4 told viewers. Savard also said that the Department of Health and Human Services told him that it was taking the necessary steps to address Martinson’s concerns but didn’t say what those steps were.
“I just want my information that’s on there right now to be gone – right now – and nobody can do that,” Martinson said.
Martinson’s case is just the latest security breach at an Obamacare health insurance [3] exchange. As previously reported by Off The Grid News, Social Security numbers and other data about 2,400 insurance agents [4] working with the Minnesota Obamacare health insurance exchange were accidently emailed to an insurance broker in September.
McAfee Founder: Healthcare.gov is full of holes
These incidents apparently validate the claims of online security experts who have examined healthcare.gov and pronounced it unsafe.
Learn How to Save Thousands of Dollars on State-of-the-Art Treatment Abroad [5]
“It’s so full of holes that hackers are licking their chops,” John McAfee, the founder of the antivirus company McAfee Inc., said of Healthcare.gov. That was one of several allegations about Healthcare.gov [6] McAfee made to Fox News. The allegations include:
- The Federal Information Security Management Act of 2002 gives any federal intelligence or law enforcement agency including the NSA and the FBI the authority to access healthcare.gov data without a warrant or a court order. “We’re all going to be monitored by every agency of the government,” McAfee said of healthcare.gov.
- Source code for healthcare.gov apparently contained language that said users had no reasonable expectation of privacy. That was removed after journalists pointed it out to Health and Human Services Secretary Kathleen Sebelius [7].
- McAfee also predicted that people will have their money stolen because of the holes in healthcare.gov.
“Their bank accounts are going to be emptied not just by hackers but by the exchanges themselves because there are no controls,” McAfee said, “there are no security points that can guarantee the security of our data.”
Grave Concerns in the Security
McAfee’s concerns were echoed by Paul Oster, CEO of Better Qualified [8], a company that specializes in identity theft resolution.
“No it’s not safe,” Oster said in a Fox Business News segment. “You have identity thieves, very tech savvy people that have gotten their hands on the source code, the programming, the reverse engineering.”
Oster’s concerns were even more troubling than McAfee’s. His charges against healthcare.gov included:
- ICCS, the international governing body for cyber security, refused to certify healthcare.gov a secure site because it didn’t meet cyber security standards. “They launched that site knowing that there were grave concerns in the security,” Oster said.
- When it was launched Healthcare.gov didn’t comply with the federal government’s rules for online security.
- An Obama administration memo obtained by Congress indicates that the administration exempted healthcare.gov from the normal cyber security procedures for federal websites.
- One of the main concerns Oster had about Healthcare.gov is that it redirects users to other websites without having them pass through additional layers of security.
It should be noted here McAfee and Oster were discussing healthcare.gov. Healthcare.gov functions as the Obamcare exchange for states that are not operating their own exchanges such as Missouri. The two were not discussing security at the state exchanges.
John McAfee said that there is no way to fix the holes in the security at healthcare.gov.
“From a security standpoint you cannot fix these holes without completely redoing the architecture and that means throw the thing out and start over,” McAfee said.
McAfee predicted that the administration will make a cosmetic fix of healthcare.gov that will look good but the site will still be filled with holes. He also predicted there will be more problems as more and more people use the site.
[9]