ObamaCare Hackathon: Healthcare.gov May Expose Social Security Numbers

Tyler Durden's picture

The Obamacare tech team should add another pressing cyber issue to its to-do list. As Mother Jones reports, web security experts warn that Healthcare.gov (and various state exchanges), the Obamacare websites, have a security flaw that could make sensitive user information, including Social Security numbers, vulnerable to hackers. The website reportedly has a coding problem that could allow hackers to deploy a technique called "clickjacking," where invisible links are planted on a legitimate web page. Using this scheme, hackers could trick users into giving up personal data as they enter it into the web site, potentially placing Americans at risk of identity theft or allowing fraudsters to file bogus health care claims.


Via Mother Jones,



it's not just the federal exchange that has security problems. Some of the 15 states that have established their own online exchanges aren't using standard encryption throughout their Obamacare websites—leaving user information at risk.




Here's the problem: When an American signs up for Obamacare online, they must enter a good deal of personal information to verify identity—including name, Social Security number, phone number, email address, income, and employer—and identifying information for their family members. In the majority of states, Americans will enter this information directly into the Healthcare.gov website.


Kyle Wilhoit, a threat researcher at Trend Micro, a Japanese security software company, studied the Healthcare.gov portal with his security team and found a "moderate risk" for hacking due to an easy-to-fix coding problem that leaves the site vulnerable to clickjacking.




"Common clickjacking would be a popular method to attempt to exploit [the site]," says Wilhoit. "Hackers could use this information in the creation of fake identities, fake credit cards, and fake accounts very easily." He adds that it's relatively easy to fix, although the fixed code would need to be rolled out on multiple Healthcare.gov pages and potentially state websites as well.


Asked about clickjacking concerns, the Department of Health and Human Services (HHS) referred Mother Jones to this security statement, which says that Americans don't need to worry: "If a security incident occurs, an Incident Response capability would be activated, which allows for the tracking, investigation, and reporting of incidents."




Some state Obamacare sites could be significantly more vulnerable than the federal portal. The Healthcare.gov site uses a common form of encryption called Secure Sockets Layer (SSL), which prevents information from being intercepted by a hacker after you click "send" (SSL doesn't defend against most clickjacking). But the 15 states currently running their own independent Obamacare websites do not have explicit instructions from the HHS to use SSL.




"These state sites...represent more viable targets for direct attack" than the federal data hub, Budd argues. And hackers have been known to target state healthcare programs—last year, over 280,000 Social Security numbers were stolen from Utah's Medicaid server.




Many security experts argue that Healthcare.gov's code would quickly improve if it was open source—posted publicly for other programmers to examine, adapt, and improve. In fact, the code for the site was originally supposed to be open source. But HHS removed its code from open-source websites after developers complained they had trouble distinguishing which code belonged to which part of the website. Since then, all of Healthcare.gov's coding mistakes have happened behind closed doors.

So apart from low sign-up rates, inability to handle visitor volumes, FUBAR account creation, incorrect pricing guidelines, helpline overload, and security holes... Obamacare is a great success so far.
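
The article does not say which fix Trend Micro had in mind; the standard server-side defenses against clickjacking are the `X-Frame-Options` response header and the CSP `frame-ancestors` directive. As an added example (not from the article or from any Healthcare.gov code), the check below audits a set of pages for those headers, since the fix has to be present on every page; the URLs and header sets are constructed.

```python
def framing_policy(headers):
    """Return (protected, reason) for one response's header dict."""
    h = {k.lower(): v for k, v in headers.items()}
    # When CSP frame-ancestors is present, browsers enforce it and ignore X-Frame-Options.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.lower() for s in parts[1:]]
            if not sources or sources == ["'none'"]:
                return True, "CSP frame-ancestors 'none'"
            if any(s in ("*", "http:", "https:") for s in sources):
                return False, "CSP frame-ancestors allows any origin"
            return True, "CSP frame-ancestors " + " ".join(sources)
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return True, "X-Frame-Options " + xfo
    if xfo:
        # ALLOW-FROM and malformed values are ignored by current browsers.
        return False, "X-Frame-Options value ignored by browsers: " + xfo
    return False, "no anti-framing header"


def audit(pages):
    """pages maps URL -> header dict; return {url: reason} for frameable pages."""
    findings = {}
    for url, headers in pages.items():
        protected, reason = framing_policy(headers)
        if not protected:
            findings[url] = reason
    return findings


# Constructed sample responses; hypothetical URLs, not captured from any real site.
SAMPLE = {
    "https://exchange.example/login": {"X-Frame-Options": "DENY"},
    "https://exchange.example/apply": {"Content-Type": "text/html"},
    "https://exchange.example/household": {
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
    "https://exchange.example/income": {
        "x-frame-options": "ALLOW-FROM https://partner.example"},
    "https://exchange.example/help": {
        "Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "DENY"},
}

if __name__ == "__main__":
    for url, reason in audit(SAMPLE).items():
        print(url, "->", reason)
```

Only `/login` and `/household` pass; a single unprotected form page is enough for the overlay technique the article describes.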

TeamDepends's picture

Problems? Dial 1 800 FU....

macholatte's picture


Anybody know how much Obamacare has cost so far?


Skateboarder's picture

Nothing, compared to what it's going to cost everyone in standard of living.

jaap's picture

Mother Jones? That shill??

somecallmetimmah's picture

"Hellcare.gov May Expose Social Security Numbers"?

Is that a threat?  With the tacit approval of the Social Security Administration?!?


Manthong's picture

<<<<<   Obamacare is a flesh-eating virus.

<<<<<  The ACA is revenue neutral, will lower healthcare costs, and you can keep your same plan and doctor if you want.

kralizec's picture

Needy up-arrow whore!  ;)


Manthong's picture

..just searching for love anywhere I can get it

MarsInScorpio's picture

MomJo shills for the Left Wing Looney Tunes.


If they are saying something is broken, it must be REALLY broken - on the verge of vaporization.


This is an incredibly big disaster - and no one with any sense will even visit the site - let alone try to use it.


GeezerGeek's picture

Call me cynical, but I wouldn't be at all surprised if the healthcare.gov site was sabotaged on purpose. Then Obama can act tough, call in the A-Team, get it fixed in about six weeks, and let everyone know once again that he's saved us. For all we know, the beta tests went fine and then they threw in some errors for the initial deployment.

James-Morrison's picture

Hell no, I won't go!

Just sign-up on the Provider's company website. They each have one with the same plans listed on the .gov exchange. Don't forget to set the pricing to "2014".

If you qualify for a subsidy, take a tax credit on your TY2014 form 1040 (if you can afford to wait).

Don't dip your spoon into that steaming bowl of FUBAR.

lewy14's picture


I read Mother Jones from time to time just to see what smoke the Red Team is blowing up my ass.

When I read stuff in MK that could come from National Review, then Houston we have a problem...

Lewshine's picture

Obamacare could directly cause Cancer, sterility, blindness and poverty - Doesn't matter, because it's the democratically elected psychopath's legacy at stake...Where's your fucking priorities??

Joe Davola's picture

Consult a physician if you catass for more than 4 hours while trying to login to the federal exchange website.

Manthong's picture

..at least Barry does not have to worry about his genuine Connecticut SSN because he only needs it for posturing.

NOTaREALmerican's picture

Re:  Anybody know how much Obamacare has cost so far?

The people I know ready to loot it are hoping that it "cost" at least as much as Big-MIC.

It's the government, who cares about cost as long as you are personally getting the loot?

somecallmetimmah's picture

"...it "cost" at least as much as Big-MIC."



Ying-Yang's picture

Healthcare.gov is $680 million with $98 million going to Canadian firm.

It is broken but they got paid.

Flying Wombat's picture

A Bloomberg study out earlier this week talked about $1Billion+ and all they did was look at "ACA" on contracting bid databases to come up with a number MUCH higher than previous government estimates.  Google Bloomberg Obamacare Cost or some-such and you'll find it.

Eric Dubin, Managing Editor, TheNewsDoctors.com

Trampy's picture

Anybody know how much Obamacare has cost so far?

Cost?  In terms of what, exactly?  And to WHOM, and WHEN?

Monetary cost to produce it, or cost of the damage it will ultimately cause, or both?

There are sure to be other "costs" as well.  Anyone who thinks they know the answer is a fool. 

There is probably a number made up by someone somewhere at OMB that purports to answer your question, but, in the immortal words of Hillary, "what difference does it make?!" 

GeezerGeek's picture

The greatest cost will be in terms of liberty and privacy, or the lack thereof. 

icanhasbailout's picture

You'll be protected by the same people who still can't find Rachel from Card Services.

One And Only's picture

But. Free birth control. Should help lower reproduction in those urban areas full of degenerates. Thanks Obama

InTheLandOfTheBlind's picture

when it doesn't do ya think that they are gonna suggest forced sterilization?


YES.                                     (sarc/ off)

SDShack's picture

Along those lines, what's insane is how liberals will scream and demonstrate to the ends of the earth on abortion, specifically how NOTHING must ever come between a woman and her doctor. But they are perfectly fine in creating the biggest govt bureaucracy on earth known as 0zer0care that puts 2 layers between the woman and her doctor (govt and insurance) for EVERY healthcare decision she is going to make for the rest of her life, including her partner's life, and her children's lives. Say that to a liberal and watch their heads explode.

Stoploss's picture

I think Barry care is going one place, and one place only...


Straight back up Barry's ass, where it came from..........

john39's picture

obongocare was designed to fail...  this is an interim step towards a single payer system that our owners so desire.

ChubbNut's picture

"obongocare" - good one John! /sarc

Winston Churchill's picture

That's the website's best feature. Prolly designed in by the NSA.

Makes you wonder if the govt. spying is truly a threat. I'm sure the same level of total incompetence is prevalent there as well. Maybe moreso seeing there is no oversight at all. The data center doing frequent impersonations of a TESLA car does make you wonder.

Dewey Cheatum Howe's picture

The emperor is a lot more naked than people realize. There is perception then reality, they tend to not reside in the same plane. The competence of this shit show called the healthcare exchange website is not an isolated problem but a symptom of something bigger.

1stepcloser's picture

That's fine, most who need to sign up don't have viable SSNs to steal, what FICO of 550 at best.....no new credit lines with that mess..  Now if they can steal EBT numbers???

depression's picture

Bragging rights. Surprised it has taken this long for Anon to get around to exploiting the web-site, perhaps they still blindly worship their O'savior.

l.kimbot's picture

$290, 000, 000 to infinity.  No surprise.   Ultimately,  it will be the IRS' party.  "Penalties and interest. "

carbonmutant's picture

Looks like the Tea Party's attempts to delay Obamacare were doing the Democrats a favor...

Papasmurf's picture

The dems screwed up.  They could have caved in to the Repukes while they bandaged up this program to roll it out a year later.

earnyermoney's picture

Yep. Now the Red team is going to beat the Blue team's ass like a drum through the mid-term elections.

thatthingcanfly's picture


Why is gold ramping on a Friday afternoon? Isn't it supposed to be getting crushed right about now?

Urban Redneck's picture

No SSL? Hundreds of millions of dollars? And it still doesn't work?

Are we even sure that cunt Sebelius even knows what a website is or an insurance application is? Or what the internet is? Or what healthcare is?


Both DHS Management and .GOV contractors.

NOTaREALmerican's picture

Re:  Both DHS Management and .GOV contractors.

HA!   funny one.    Feature, not a bug.  

Non Passaran's picture

It's a cost saving measure.

Do you know how expensive SSL certs are?

The government is trying to save every cent it possibly can!

socalbeach's picture

5 years from now.


Obama: "ACA would have worked, but people are a little screwy sometimes."