The Web portal used by millions of Americans to obtain health insurance experienced 316 security-related incidents in a period of about 18 months, a new report shows. And the site remains vulnerable to attack.
The report — “Healthcare.gov: Actions Needed to Enhance Information Security and Privacy Controls” — was released Wednesday by the U.S. Government Accountability Office.
The GAO states:
“According to GAO’s review of CMS records for this period [between October 2013 and March 2015], the majority of these incidents involved such things as electronic probing of CMS systems by potential attackers …”
The GAO found no evidence that an outside attacker had succeeded in obtaining sensitive data, although the agency identified weaknesses “that could place sensitive information at risk of unauthorized disclosure, modification or loss.”
Such weaknesses involve the Federal Data Services Hub, a key part of the Healthcare.gov system that the Associated Press describes as “operating behind the scenes,” pinging other “federal agencies such as Social Security, IRS and Homeland Security to verify the personal details of consumers.”
The AP adds:
“HealthCare.gov’s data hub is one of the administration’s major technology projects, and has generally been regarded as successful.”
In a separate report that was not made public, the GAO recommended 27 actions to address weaknesses.
The GAO is an independent agency that serves as a watchdog for Congress by investigating how the federal government spends taxpayer dollars.
The GAO’s findings are based on a review of the records of the U.S. Centers for Medicare & Medicaid Services, or CMS, the federal agency that manages Healthcare.gov.
The Healthcare.gov portal was established under the Patient Protection and Affordable Care Act of 2010 — the federal law also known as Obamacare — to offer subsidized private health insurance to people who do not have access to insurance through an employer.
The AP reports that the GAO’s review stemmed from federal lawmakers asking President Barack Obama’s administration for more detail about security issues. The administration has accepted the GAO’s recommendations for improvements, according to the AP report.
Do you worry about how safe your information is on Healthcare.gov? Sound off in our Forums. It’s the place where you can speak your mind, explore topics in-depth, and post questions and get answers.
Disclosure: The information you read here is always objective. However, we sometimes receive compensation when you click links within our stories.