ObamaCare Hackathon: Healthcare.gov May Expose Social Security Numbers

Tyler Durden's picture




 

The Obamacare tech team should add another pressing cyber issue to its to-do list. As Mother Jones reports, web security experts warn that Healthcare.gov (and various state exchanges), the Obamacare websites, have a security flaw that could make sensitive user information, including Social Security numbers, vulnerable to hackers. The website reportedly has a coding problem that could allow hackers to deploy a technique called "clickjacking," where invisible links are planted on a legitimate web page. Using this scheme, hackers could trick users into giving up personal data as they enter it into the website, potentially placing Americans at risk of identity theft or allowing fraudsters to file bogus health care claims.

 

Via Mother Jones,

...

 

it's not just the federal exchange that has security problems. Some of the 15 states that have established their own online exchanges aren't using standard encryption throughout their Obamacare websites—leaving user information at risk.

 

...

 

Here's the problem: When an American signs up for Obamacare online, they must enter a good deal of personal information to verify identity—including name, Social Security number, phone number, email address, income, and employer—and identifying information for their family members. In the majority of states, Americans will enter this information directly into the Healthcare.gov website.

 

Kyle Wilhoit, a threat researcher at Trend Micro, a Japanese security software company, studied the Healthcare.gov portal with his security team and found a "moderate risk" for hacking due to an easy-to-fix coding problem that leaves the site vulnerable to clickjacking.

 

...

 

"Common clickjacking would be a popular method to attempt to exploit [the site]," says Wilhoit. "Hackers could use this information in the creation of fake identities, fake credit cards, and fake accounts very easily." He adds that it's relatively easy to fix, although the fixed code would need to be rolled out on multiple Healthcare.gov pages and potentially state websites as well.

 

Asked about clickjacking concerns, the Department of Health and Human Services (HHS) referred Mother Jones to this security statement, which says that Americans don't need to worry: "If a security incident occurs, an Incident Response capability would be activated, which allows for the tracking, investigation, and reporting of incidents."

 

...

 

Some state Obamacare sites could be significantly more vulnerable than the federal portal. The Healthcare.gov site uses a common form of encryption called Secure Sockets Layer (SSL), which prevents information from being intercepted by a hacker after you click "send" (SSL doesn't defend against most clickjacking). But the 15 states currently running their own independent Obamacare websites do not have explicit instructions from the HHS to use SSL.

 

...

 

"These state sites...represent more viable targets for direct attack" than the federal data hub, Budd argues. And hackers have been known to target state healthcare programs—last year, over 280,000 Social Security numbers were stolen from Utah's Medicaid server.

 

...

 

Many security experts argue that Healthcare.gov's code would quickly improve if it was open source—posted publicly for other programmers to examine, adapt, and improve. In fact, the code for the site was originally supposed to be open source. But HHS removed its code from open-source websites after developers complained they had trouble distinguishing which code belonged to which part of the website. Since then, all of Healthcare.gov's coding mistakes have happened behind closed doors.

So apart from low sign-up rates, inability to handle visitor volumes, FUBAR Account creation, incorrect pricing guidelines, helpline overload, and security holes... Obamacare is a great success so far
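The report above calls the clickjacking weakness easy to fix but says the fix must reach every page, and notes that SSL does not address it. As an added example (not from the article, Mother Jones or Trend Micro), the check below classifies each page's response headers for the standard anti-framing controls, `X-Frame-Options` and CSP `frame-ancestors`; the page does not name the fix, so those headers are an assumption, and the `exchange.example` URLs and header sets are constructed.

```python
"""Audit HTTP response headers for anti-clickjacking (framing) controls."""

WIDE = {"*", "http:", "https:"}  # sources that let almost any origin frame the page

def csp_frame_ancestors(csp):
    """Return the frame-ancestors source list from a CSP value, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def framing_protection(headers):
    """Classify one response as 'protected', 'weak' or 'missing'."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # names are case-insensitive
    # Only the enforcing CSP header counts; a Report-Only policy blocks nothing.
    ancestors = csp_frame_ancestors(h.get("content-security-policy", ""))
    if ancestors is not None:
        # Browsers that support frame-ancestors ignore X-Frame-Options when it is set.
        if not ancestors or WIDE & set(ancestors):
            return "weak"  # empty (malformed) or wildcard list: flag for review
        return "protected"
    xfo = h.get("x-frame-options", "").upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "protected"
    return "weak" if xfo else "missing"  # obsolete ALLOW-FROM or an invalid value

# Constructed sample responses for a hypothetical exchange site (not real captures).
SAMPLE = {
    # Served over HTTPS with HSTS, yet nothing stops another site framing it.
    "https://exchange.example/": {"Strict-Transport-Security": "max-age=31536000"},
    "https://exchange.example/apply": {"X-Frame-Options": "SAMEORIGIN"},
    "https://exchange.example/login": {
        "content-security-policy": "default-src 'self'; frame-ancestors 'none'"},
    "https://exchange.example/help": {"X-Frame-Options": "ALLOWALL"},
    # The permissive CSP overrides the strict X-Frame-Options header.
    "https://exchange.example/plans": {
        "Content-Security-Policy": "frame-ancestors https:", "X-Frame-Options": "DENY"},
}

def audit(pages):
    """Map each URL to its verdict so pages the fix has not reached stand out."""
    return {url: framing_protection(hdrs) for url, hdrs in pages.items()}

if __name__ == "__main__":
    for url, verdict in audit(SAMPLE).items():
        print(f"{verdict:9} {url}")
```
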

Fri, 10/25/2013 - 13:02 | 4090499 TeamDepends

Problems? Dial 1 800 FU....

Fri, 10/25/2013 - 13:06 | 4090511 macholatte

 

Anybody know how much Obamacare has cost so far?

 

Fri, 10/25/2013 - 13:09 | 4090517 Skateboarder

Nothing, compared to what it's going to cost everyone in standard of living.

Fri, 10/25/2013 - 13:14 | 4090540 jaap

Mother Jones? That shill??

Fri, 10/25/2013 - 13:28 | 4090574 somecallmetimmah

"Hellcare.gov May Expose Social Security Numbers"?

Is that a threat?  With the tacit approval of the Social Security Administration?!?

ELEVENTY!11!!!

Fri, 10/25/2013 - 14:21 | 4090814 Manthong

<<<<<   Obamacare is a flesh-eating virus.

<<<<<  The ACA is revenue neutral, will lower healthcare costs, and you can keep your same plan and doctor if you want.

Fri, 10/25/2013 - 15:08 | 4090999 kralizec

Needy up-arrow whore!  ;)

+1

Fri, 10/25/2013 - 15:20 | 4091050 Manthong

..just searching for love anywhere I can get it

Fri, 10/25/2013 - 13:36 | 4090611 MarsInScorpio

MomJo shills for the Left Wing Looney Tunes.

 

If they are saying something is broken, it must be REALLY broken - on the verge of vaporization.

 

This is an incredibly big disaster - and no one with any sense will even visit the site - let alone try to use it.

-30-

Fri, 10/25/2013 - 15:50 | 4091165 GeezerGeek

Call me cynical, but I wouldn't be at all surprised if the healthcare.gov site was sabotaged on purpose. Then Obama can act tough, call in the A-Team, get it fixed in about six weeks, and let everyone know once again that he's saved us. For all we know, the beta tests went fine and then they threw in some errors for the initial deployment.

Sat, 10/26/2013 - 04:49 | 4092568 lewy14

No.

It's fucked.

Fri, 10/25/2013 - 17:33 | 4091450 James-Morrison

Hell no, I won't go!

Just sign-up on the Provider's company website. They each have one with the same plans listed on the .gov exchange. Don't forget to set the pricing to "2014".

If you qualify for a subsidy, take a tax credit on your TY2014 form 1040 (if you can afford to wait).

Don't dip your spoon into that steaming bowl of FUBAR.

Sat, 10/26/2013 - 04:41 | 4092565 lewy14

Exactly.

I read Mother Jones from time to time just to see what smoke the Red Team is blowing up my ass.

When I read stuff in MK that could come from National Review, then Houston we have a problem...

Fri, 10/25/2013 - 14:08 | 4090761 Lewshine

Obamacare could directly cause Cancer, sterility, blindness and poverty - Doesn't matter, because it's the democratically elected psychopath's legacy at stake...Where's your fucking priorities??

Fri, 10/25/2013 - 14:17 | 4090797 Joe Davola

Consult a physician if you catass for more than 4 hours while trying to login to the federal exchange website.

Fri, 10/25/2013 - 19:07 | 4091677 Manthong

..at least Barry does not have to worry about his genuine Connecticut SSN because he only needs it for posturing.

Fri, 10/25/2013 - 13:23 | 4090553 NOTaREALmerican

Re:  Anybody know how much Obamacare has cost so far?

The people I know ready to loot it are hoping at it "cost" at least as much as Big-MIC.

It's the government,  who cares about cost as long you are personally getting the loot?

Fri, 10/25/2013 - 13:30 | 4090580 somecallmetimmah

"...it "cost" at least as much as Big-MIC."

 

Rasis.

Fri, 10/25/2013 - 13:53 | 4090700 Ying-Yang

Healthcare.gov is $680 million with $98 million going to Canadian firm.

It is broken but they got paid.

Fri, 10/25/2013 - 13:58 | 4090719 Flying Wombat

A Bloomberg study out earlier this week talked about $1Billion+ and all they did was look at "ACA" on contracting bid databases to come up with a number MUCH higher than previous government estimates.  Google Bloomberg Obamacare Cost or some-such and you'll find it.

Eric Dubin, Managing Editor, TheNewsDoctors.com

Fri, 10/25/2013 - 14:00 | 4090723 Flying Wombat

BTW, check this out.  It's a really funny video on Obamacare  http://thenewsdoctors.com/creepy-uncle-sam-is-back/

Fri, 10/25/2013 - 14:03 | 4090735 Flying Wombat
Fri, 10/25/2013 - 14:12 | 4090760 Trampy

Anybody know how much Obamacare has cost so far?

Cost?  In terms of what, exactly?  And to WHOM, and WHEN?

Monetary cost to produce it, or cost of the damage it will ultimately cause, or both?

There are sure to be other "costs" as well.  Anyone who thinks they know the answer is a fool. 

There is probably a number made up by someone somewhere at OMB that purports to answer your question, but, in the immortal words of Hillary, "what difference does it make?!" 

Fri, 10/25/2013 - 15:53 | 4091173 GeezerGeek

The greatest cost will be in terms of liberty and privacy, or the lack thereof. 

Fri, 10/25/2013 - 13:07 | 4090512 icanhasbailout

You'll be protected by the same people who still can't find Rachel from Card Services.

Fri, 10/25/2013 - 13:03 | 4090502 One And Only

But. Free birth control. Should help lower reproduction in those urban areas full of degenerates. Thanks Obama

Fri, 10/25/2013 - 13:30 | 4090581 somecallmetimmah

Rasis.

Fri, 10/25/2013 - 13:57 | 4090715 InTheLandOfTheBlind

when it doesn't do ya think that they are gonna suggest forced sterilization?

Fri, 10/25/2013 - 17:22 | 4091429 NIHILIST CIPHER

YES.                                     (sarc/ off)

Fri, 10/25/2013 - 14:01 | 4090727 SDShack

Along those lines, what's insane is how liberals will scream and demonstrate to the ends of the earth on abortion, specifically how NOTHING must ever come between a woman and her doctor. But they are perfectly fine in creating the biggest govt bureaucracy on earth known as 0zer0care that puts 2 layers between the woman and her doctor (govt and insurance) for EVERY healthcare decision she is going to make for the rest of her life, including her partner's life, and her children's lives. Say that to a liberal and watch their heads explode.

Fri, 10/25/2013 - 13:08 | 4090513 Dr. Engali

Bush's fault.

Fri, 10/25/2013 - 13:09 | 4090519 Stoploss

I think Barry care is going one place, and one place only...

 

Straight back up Barry's ass, where it came from..........

Fri, 10/25/2013 - 13:19 | 4090546 john39

obongocare was designed to fail...  this is an interim step towards a single payer system that our owners so desire.

Fri, 10/25/2013 - 14:06 | 4090752 ChubbNut

"obongocare" - good one John! /sarc

Fri, 10/25/2013 - 13:11 | 4090520 Winston Churchill

That's the website's best feature. Prolly designed in by the NSA.

Makes you wonder if the govt. spying is truly a threat. I'm sure the same level of total incompetence is prevalent there as well. Maybe moreso seeing there is no oversight at all. The data center doing frequent impersonations of a TESLA car does make you wonder.

Fri, 10/25/2013 - 13:27 | 4090569 Dewey Cheatum Howe

The emperor is a lot more naked than people realize. There is perception then reality, they tend to not reside in the same plane. The competence of this shit show called the healthcare exchange website is not an isolated problem but a symptom of something bigger.

Fri, 10/25/2013 - 13:12 | 4090521 1stepcloser

That's fine, most who need to sign up don't have viable SSNs to steal, what FICO of 550 at best.....no new credit lines with that mess..  Now if they can steal EBT numbers???

Fri, 10/25/2013 - 13:40 | 4090641 depression

Bragging rights. Surprised it has taken this long for Anon to get around to exploiting the web-site, perhaps they still blindly worship their O'savior.

Fri, 10/25/2013 - 13:12 | 4090525 l.kimbot

$290, 000, 000 to infinity.  No surprise.   Ultimately,  it will be the IRS' party.  "Penalties and interest. "

Fri, 10/25/2013 - 13:12 | 4090527 carbonmutant

Looks like the Tea Party's attempts to delay Obamacare were doing the Democrats a favor...

Fri, 10/25/2013 - 13:39 | 4090634 Papasmurf

The dems screwed up.  They could have caved in to the Repukes while they bandaged up this program to roll it out a year later.

Fri, 10/25/2013 - 16:18 | 4091263 earnyermoney

Yep. Now the Red team is going to beat the Blue team's ass like a drum through the mid-term elections.

Fri, 10/25/2013 - 13:12 | 4090528 thatthingcanfly

OT

Why is gold ramping on a Friday afternoon? Isn't it supposed to be getting crushed right about now?

Fri, 10/25/2013 - 13:23 | 4090556 NotApplicable

"Turn that machine back on!"

Fri, 10/25/2013 - 13:13 | 4090536 Urban Redneck

No SSL? Hundreds of millions of dollars? And it still doesn't work?

Are we even sure that cunt Sebelius even knows what a website is or an insurance application is? Or what the internet is? Or what healthcare is?

CLAWBACKS.

Both DHS Management and .GOV contractors.

Fri, 10/25/2013 - 13:24 | 4090557 NOTaREALmerican

Re:  Both DHS Management and .GOV contractors.

HA!   funny one.    Feature, not a bug.  

Fri, 10/25/2013 - 14:28 | 4090851 Non Passaran

It's a cost saving measure.

Do you know how expensive SSL certs are?

The government is trying to save every cent it possibly can!

Fri, 10/25/2013 - 13:48 | 4090547 socalbeach

5 years from now.

 

Obama: "ACA would have worked, but people are a little screwy sometimes."

Fri, 10/25/2013 - 13:20 | 4090550 Yen Cross
Fri, 10/25/2013 - 13:28 | 4090575 NotApplicable

Cool, thanks for the tip.
