Experts Warn Healthcare.gov So Big And So Riddled With Security Flaws It Should Be Shut Down, Rebuilt From Scratch

Tyler Durden

While the abysmal rollout of Obamacare hardly needs any additional debacles, a recent hearing by technology experts in Congress added yet another, quite major, wrinkle to an already insurmountable problem: healthcare.gov is so fraught with security flaws, and so bloated with code, that it may easily expose the personal data of millions (we are being generous here) of users - it collects user names, birth dates, social security numbers, email addresses and much more - to even the least experienced of hackers.

It gets worse: when asked "Do any of you think today that the site is secure?" the answer from the experts, which included two academics and two private sector technical researchers, was a unanimous "no."

And worse: when the experts were asked "would you recommend today that this site be shut down until it is?" three of the experts said "yes," while a fourth said he did not have enough information to make the call.

But the worst news of the day: the experts said the site needed to be completely rebuilt to run more efficiently, making it easier to protect. They said HealthCare.gov runs on 500 million lines of code, or 25 times the size of Facebook, one of the world's busiest sites.

Well... "Obama built that"

More from Reuters:

David Kennedy, head of computer security consulting firm TrustedSec LLC and a former U.S. Marine Corps cyber-intelligence analyst, gave lawmakers a 17-page report that highlights the problems with the site and warned that some of them remain live.

The site lets people know invalid user names when logging in, allowing hackers to identify user IDs, according to the report, which also warns of other security bugs.

Avi Rubin, director of the Information Security Institute at Johns Hopkins University and an expert on health and medical security, said he needed more data before calling for a shutdown of the site.

"Bringing down the site is a very drastic response," he told Reuters after the hearing.

But he would not use it because he is concerned about security bugs that have been made public, he said.

The White House spin was prepared and ready to go:

"The privacy and security of consumers' personal information are a top priority," White House spokesman Jay Carney said after the hearing.

"When consumers fill out their online marketplace applications they can trust that the information that they are providing is protected by stringent security standards."

Perhaps what he meant is that since the NSA already knows all the private information on every American there is no need to be concerned.

Finally, should Obama do the right thing and scrap the three-year project and start from scratch, "in written testimony, Kennedy said it would take a minimum of seven to 12 months to fix the problems with the site shut down, given the site's complexity and size."

As a reminder, this is how "big" healthcare.gov is:

Perhaps it is not all bad news: it may be time to test the broken website fallacy - just think of the GDP boost that would be created if Obama were to hire 1,000,000 inexperienced programmers coding randomly for three years (again).