HealthCare.gov users should know that the website's problems were not simply the result of a very large volume of traffic hitting it all at once.
The security flaws in the website were quite primitive, the kind of flaws you do not expect anyone to have overlooked. For instance, the site relayed personal information without encryption, and the e-mail verification could be easily bypassed, even without access to the e-mail account. The site also maintained more cookie data than it needed, and that data was likely never tested under high load. These are only a few of the issues.
The site is a prime target for account hijacking. A malicious hacker has a vulnerable site to which millions of victims are "coming" because the government mandated it. The holes in the website allow the hacker to compromise a very large amount of sensitive information about a lot of people, all in one shot.
There are certain precautions that website users can take, but the website itself has to be iron-clad to begin with. The website, its servers, the supporting databases, and the entire infrastructure it was built on need to undergo a thorough program of security tests, assessments, and penetration tests.
Website users should take precautions to ensure they do not become victims of identity theft. The Federal Trade Commission (FTC) offers some good guidelines: http://www.consumer.ftc.gov/features/feature-0014-identity-theft.
The public needs to demand the same level of information security from the ACA infrastructure that the Government would expect from a large hospital or healthcare business associate under the HIPAA regulations.
Thanks to Enterprise Risk Management, www.emrisk.com, for help with the blog. ERM performs penetration testing and security implementation to protect businesses. By simulating an attack on your computer system or network, you can determine whether your information infrastructure is strong enough to withstand a real data security breach from both external and internal threats.