Hackers break into HealthCare.gov: Why it's not a big deal

The one breached server had been used for testing and did not contain consumer names, birth dates, Social Security numbers, or income details. Unlike servers that do contain consumer information, the breached server did not have a firewall or intrusion detection software.

|
Jon Elswick/AP
This March 1, 2014 file photo shows part of the website for HealthCare.gov in Washington.

Hackers successfully breached HealthCare.gov, but no consumer information was taken from the health insurance website that serves more than 5 million Americans, the Obama administration disclosed Thursday.

Instead, the hackers installed malicious software that could have been used to launch an attack on other websites from the federal insurance portal.

Health and Human Services spokesman Aaron Albright said the website component that was breached had been used for testing and did not contain consumer information, such as names, birth dates, Social Security numbers and income details.

The initial intrusion took place July 8, but it was not detected until Monday of last week during a manual scan of system logs. HHS said the component that was breached did not have a firewall, or intrusion detection software, installed on it. Technicians manually scanning logs discovered the breach Aug. 25 and took action.

The Homeland Security Department, which helps safeguard federal systems, said the scope of the attack was limited to one server. There is no evidence an attack was subsequently launched from the tainted machine.

Federal computer systems are the targets of hundreds of cyberattacks every day, but this is believed to be the first successful one involving HealthCare.gov.

The health care site had numerous technical problems when it was launched last fall and was initially unworkable for most consumers. Among the issues that concerned the government's own technical experts was that security testing could not be completed because the system was undergoing so many last-minute changes.HealthCare.gov eventually passed security certification.

"Sadly, the news that HealthCare.gov has been hacked does not come as a surprise," Rep. Joe Pitts, R-Pa., said in a statement. Pitts chairs a panel that held hearings last year on the website problems. Like other congressional Republicans, he opposes President Barack Obama's health care overhaul.

HHS says it does not appear that the insurance site was specifically targeted. Rather, the hackers seem to have been probing numerous government and private websites for potential weaknesses.

The department's inspector general is coordinating with other law enforcement agencies to investigate.

HealthCare.gov is the online gateway to subsidized private health insurance for people who don't have access to a health plan on the job.

Created under Obama's health law, the site currently serves 36 states and more may be added when open enrollment starts Nov. 15. The remaining states run their own insurance exchanges.

The incident was first reported by The Wall Street Journal.

Copyright 2014 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Hackers break into HealthCare.gov: Why it's not a big deal
Read this article in
https://www.csmonitor.com/USA/Latest-News-Wires/2014/0904/Hackers-break-into-HealthCare.gov-Why-it-s-not-a-big-deal
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe