• Hypertrophic Cardiomyopathy (HCM)
  • Vaccines: 2023 Year in Review
  • Eyecare
  • Urothelial Carcinoma
  • Women's Health
  • Hemophilia
  • Heart Failure
  • Vaccines
  • Neonatal Care
  • NSCLC
  • Type II Inflammation
  • Substance Use Disorder
  • Gene Therapy
  • Lung Cancer
  • Spinal Muscular Atrophy
  • HIV
  • Post-Acute Care
  • Liver Disease
  • Biologics
  • Asthma
  • Atrial Fibrillation
  • RSV
  • COVID-19
  • Cardiovascular Diseases
  • Prescription Digital Therapeutics
  • Reproductive Health
  • The Improving Patient Access Podcast
  • Blood Cancer
  • Ulcerative Colitis
  • Respiratory Conditions
  • Multiple Sclerosis
  • Digital Health
  • Population Health
  • Sleep Disorders
  • Biosimilars
  • Plaque Psoriasis
  • Leukemia and Lymphoma
  • Oncology
  • Pediatrics
  • Urology
  • Obstetrics-Gynecology & Women's Health
  • Opioids
  • Solid Tumors
  • Autoimmune Diseases
  • Dermatology
  • Diabetes
  • Mental Health

Healthcare.gov full of holes

Article

Security pros say the federal site is wide open to breaches, malware and theft of personal information



My local Target store still has a sign posted reminding customers that they can receive free credit monitoring and identity theft protection. It’s a make-good after the retailer’s

massive data breach a few months ago.
Should Target hang its head in shame or should other businesses feel empathy because no system is 100% secure? It can happen to anyone? It’s probably all of the above.
But at least Target-with 2,000 locations-can patch its system and help the 110 million affected customers recover. In fact, the store was bustling during my Saturday morning visit, as if nothing had happened.


Gateway to trouble


If there were a security breach to healthcare.gov, the fallout  would be far worse than anything Target has experienced. A breach could spread well beyond the core marketplace platform and into much larger and far-reaching systems, such as IT interfaces for nearly all the nation’s health insurers, state Medicaid agencies and the ubiquitous Internal Revenue Service, just to name a few.
According to Kevin Johnson, CEO of Secure Ideas, a security professional who testified before Congress recently about healthcare.gov, exposures on the site have been identified that leave the door open for cyber attacks. In the months since the 20 or more weaknesses were first documented, none of them have been fully remedied.
I called Johnson, and he told me there are generally two categories of vulnerabilities: hackers’ access to sensitive personal data; and hackers’ ability to launch malware through a site. Healthcare.gov has both of these problems, and federal officials were aware of them months ago.
A vulnerability report was presented by David Kennedy of TrustedSec, who is also known as the “white hat hacker” in IT circles. He engaged Johnson and five other experts to review his report in late 2013 and verify for lawmakers that he wasn’t kidding about the faults.
“Their initial reaction was that security is fine,” Johnson told me. “When more information was brought forward, the answer was that it wasn’t as bad as it seems.”
Healthcare.gov isn’t a typical site, in that it’s a gateway to so many other businesses and government entities. A breach could be disastrous.
“If you want to attack American citizens, this is the site to do it,” according to Johnson.
In fact, when the Department of Health and Human Services changed tech vendors for healthcare.gov recently, it gave me the illusion that better security was forthcoming at last. Johnson, however, believes the new vendor has an even worse track record and anticipates the site will be just as weak as it ever was.


Best practice


One of your best practices is to treat every interaction with healthcare.gov-or any state exchange site for that matter-as potentially dangerous to your security. Johnson says too many insurers will consider the exchanges to be trusted sources, with an assumption that what comes through a state or federal government channel must be secure.
“It’s critical that organizations start to embed this type of process into their development and purchasing,” he says. “Security is important, yet so many have treated it like something we can bolt on.”


Read the blog by David Kennedy here
 

Related Videos
Video 11 - "Closing Current Gaps within Fertility Benefits and Care"
Video 10 - "Shaping Fertility Coverage: Access, Costs & Medical Needs"
Video 9 - "Denial of Coverage in Fertility Care"
Video 8 - "Risks of Miscarriage and Multiple Births Associated with Fertility Care"
Video 7 - "Fertility Preservation: Egg Freezing Versus Embryo Freezing"
Video 6 - "Family Building Costs, Barriers, and Dropout Rates Associated with Fertility Care"
Video 5 - "Closing Payer Gaps and Improving Fertility Care Access"
Video 4 - "Increasing Employer Coverage and Maximizing Fertility Benefits "
Video 5 - "Relevance of NUTURE Study Findings for Patients, Payers, Providers"
Video 3 - "Improving IVF Success Rates & Utilizing AI in Fertility Health Care"
Related Content
© 2024 MJH Life Sciences

All rights reserved.