Just when one thought the embarrassment for Obamacare, and its epically flawed, bloated portal, Healthcare.gov, which according to some accounts has over 100 million lines of code, the vast majority of which did not work as it is after all a government project, could not get any worse, it just did following a report in the WSJ that the website which is reasonably expected to be the safest in the world - and at a price of over $500 million it should be the safest in the world - considering it holds not only the financial but personal and healthcare data of millions of Americans, has been hacked.
According to the WSJ, a hacker broke into part of the HealthCare.gov insurance enrollment website in July and uploaded malicious software.
Naturally, the spin doctors have been promptly activated because the last thing a scandal-ridden administration needs is a reminder of the worst website roll-out in history, and supposedly investigators found no evidence that consumers' personal data was taken in the breach, federal officials said. "The hacker appears only to have accessed a server used to test code for HealthCare.gov. The Department of Health and Human Services discovered the attack last week."
So... the website was hacked in July, and nobody learned about it until two months later? But that's ok, because "investigators" are confident nothing important was taken. Mmmk.
The humor continues:
An HHS official said the attack appears to mark the first successful intrusion into the website, where millions of Americans bought insurance starting last year under the Affordable Care Act. It raised concerns among federal officials because of how easily the intruder gained access and how much damage could have occurred.
"Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted," the Department of Health and Human Services said in a written statement. "We have taken measures to further strengthen security."
It wasn't specifically targeted, so that means it was accidentally targeted? Or was it hacked by mistake?
Speaking of hacking, Obamacare appears to be merely the latest in a long string of website intrusions, which lately have affected everyone from JPMorgan, to Home Depot, to the iPhone cloud, to virtually every single retailer.
And now the search for the culprit begins:
The White House and Congressional staff have been briefed on the matter, officials said. The Department of Homeland Security, Federal Bureau of Investigation and National Security Agency have aided the investigation, which is active. The FBI traced the attack to several Internet addresses—some overseas—but doesn't think it is the work of a state-backed actor, officials said.
"There is no indication that any data was compromised at this time," DHS spokesman S.Y. Lee said in a written statement. "DHS will continue to monitor the situation and help develop and implement precautionary mitigation strategies as necessary."
You mean there is no YouTube clip showing Putin clearly hacking Obamacare.gov in yet anoter attempt to antagonize NATO? Or, rather, not clip yet.
It goes without saying that the contents of the website are, well, quite personal.
As an insurance enrollment portal, HealthCare.gov stores deeply personal details on Americans, including Social Security numbers, financial data and names of family members. None of that appeared to gain the still unknown hacker's interest, officials said.
Not that the government would tell the truth of course. So instead what the hacker appears to have done, according to the official party line, is use Healthcare.gov as a portal to seed further attack: "Rather, investigators found that in July, the intruder did just one thing: install malware on a HealthCare.gov server so it could be used in future cyberattacks against other websites, federal officials said. Hackers often take over troves of computers and servers to direct mischief traffic at websites. The rush of traffic, known as a denial of service attack, overwhelms the site and knocks it offline."
It gets worse:
Washington officials said they are concerned that an intruder gained access to the HealthCare.gov network through a basic security flaw. The server accessed had such low security settings because it was never meant to be connected to the Internet, the HHS official said. When the hacker broke in, it was only guarded by a default password, which often is easy to crack.
"There was a door left open," the official said.
The department discovered the break in weeks later on Aug. 25 during a daily security scan. Buried amid lines of computer log files was data showing the test server had been contacted by the outside Internet, which wasn't supposed to happen.
As for the punchline, it comes as expected, from a government apparatchik: "If this happened anywhere other than HealthCare.gov, it wouldn't be news," a senior DHS official said.
Well, not really: do the names JPM, Home Depot, Target, Apple ring a bell? And speaking of healthcare.gov, a website which contains everything about a given individual, from their personal data, to their financial details, to their healthcare information, one can see why what has become the portal to socialized US healthcare should have been made a little tougher to hack than someone "accidentally" entering through an open door.
HHS said it has taken cybersecurity seriously since launching HealthCare.gov nearly a year ago. The site undergoes quarterly security audits from Blue Canopy Group LLC, a private security company in Reston, Va. It also undergoes daily security scans and drill hacking exercises.
So how many hundreds of millions in taxpayer funds was syphoned off into Blue Canopy Group, and how much of this was subsequently funelled back to the government in the form of kickbacks for a contract which apparently nobody even bothered to take seriously. Surely it doesn't matter: after all it is not as if the Fed can't or won't print a few billion to cover whatever the damage was.
Because in an era of zero accountability and infinite printing, why should anything matter any more?