If you have finally resigned yourself to signing up for the Affordable Healthcare Act via healthcare.gov, please think twice before you apply. Recent testimony in Congress has clearly pointed out the fact that security testing has either been non-existent or minimal at best. The folks who put this mess together can’t get the basics to work and they have shown little interest in protecting your security.
I have done a little research on this today and these are just a few excerpts from various sources on internet security. Lets start with what John McAfee had to say about healthcare.gov:
“Oh, it’s seriously bad. Somebody made a grave error, not in designing the program but in simply implementing the web aspect of it. For example, anybody can put up a web page and claim to be a broker for this system. There is no central place where I can go and say, OK, here are all the legitimate brokers, the examiners for all of the states, and pick and choose one. Instead, any hacker can put a website up, make it look extremely competitive, and because of the nature of the system — this is health care, after all — they can ask you the most intimate questions, and you’re freely going to answer them. What’s my Social Security number? My birth date? … Here’s the problem. It’s not something software can solve. I mean, what idiot put this system out there and did not create a central depository? There should be one website, run by the government, you go to that website and then you can click on all of the agencies. This is insane. So, I will predict that the loss of income for the millions of Americans who are going to lose their identities… read more.
An article on healthcareitnews.com points out some valid concerns:
“Fred Chang, computer science professor at Southern Methodist University and former national security agency research director, was next to weigh in, emphasizing the fact that we can’t underestimate our cyber adversaries.
Chang said within the first few weeks of launching HealthCare.gov, more than 700 mimic websites were set up. Hackers and cybercriminals will take advantage of the users who will undoubtedly mistype the website name or find it from a search engine. One of the biggest risks, he said, is from bogus websites. These criminals, he said, “will find seams in the system, will attack you in ways you won’t expect.” …read more.
Has the system already been hacked? It probably has, if not it soon will be. This following is from nakedsecurity.sophos.com:
Hackers have thrown about 16 attacks at the US’s HealthCare.gov website, a top US Department of Homeland Security (DHS) official says.
According to CNN, Acting Assistant Homeland Security Secretary Roberta Stempfley of the Office of Cybersecurity and Communications says that the attacks, now under investigation, all failed.
Ms. Stempfley testified at a hearing of the House Homeland Security (HHS) Committee, saying that the attempts were made between 6 and 8 November, but that none were successful. …read more.
Reason.com also had some information on security issues related to the healthcare.gov website:
The first major issue is the lack of, and inability to conduct, an end to end security test on the production system. The number of contractors and absence of an apparent overall security lead indicates no one was in possession of a comprehensive, top down view of the full security posture. 3For a system dealing with what will be one of the largest collections of PII, and certain to be the target of malicious attacks and intrusions, the lack of a clearly defined and qualified security lead is inconsistent with accepted practices.
This is completely unacceptable from an industry perspective, and is in extreme contravention of security best practices. Only in the government could such a gaping hole be allowed to exist without fear of consequence. This shows a lack of understanding for the consequences to consumers and the protection of also creates massive opportunity for fraud, scams, deceptive trade practices, identity theft and more. Much of this is playing out right now. …read more.
It is ultimately up to you, the consumer to make a decision on your healthcare insurance. But if you value your personal information, the government’s flaming pile of dog excrement known as healthcare.gov is not the place that you should be sharing your personal information. Forget the politics, forget the costs, just concentrate on the fact that the government has built one of the least secure web sites on earth and that in all likelihood you will end up sharing all your information with someone who will not be looking out for your best interests.
You may now return to your regularly scheduled surfing.
Tim
For more good stuff visit my primary website.
Follow Tim on twitter @tl1000rzx2
No comments:
Post a Comment