Healthcare.gov Hacked in 4 Minutes
Just last week famous white hat hacker David Kennedy, demonstrated how healthcare.gov could be hacked in just a matter of minutes. David Kennedy, CEO of TrustedSec appeared in front of the congressional committee to discuss the security of healthcare.gov, the United States government healthcare website. Healthcare.gov has had many issues in the past, insecurity begin one. While Kennedy explain this to the congressional committee, he later appeared on Fox News to explain the vulnerabilities a bit better. It appears within a 4 minute time frame Kennedy was able to extract over 70,000 personal records of users who enrolled on the website. Kennedy also stated “And 70,000 was just one of the numbers that I was able to go up to and I stopped after that,” “You know, I’m sure it’s hundreds of thousands, if not more, and it was done within about a 4 minute time frame. So, it’s just wide open.” Kennedy states he used a regular browser to hack into and extract data from the website. Later, Teresa Fryer, chief information security officer for the Centers for Medicare Services, said when first launched in early October she was not confident about the websites security. Since then however, she says improvements have been made. Kennedy assured everyone that the site is still vulnerable and from what he can see, %100 insecure. Kennedy is not the only one that assessed the site, seven other cyber security experts have come to the same conclusion confirming his reports.
It appears the sites security has only gone downhill since October. With such vital insecurities users data and privacy are at risk. Also, Reuters reports stated:
Before the hearing, Kennedy told Reuters the government has yet to plug more than 20 vulnerabilities that he and other security experts reported to the government shortly after HealthCare.gov went live on October 1. Hackers could steal personal information, modify data, attack the personal computers of website users and damage the infrastructure of the site, Kennedy said in an interview.
After all of the cyber security assessments, the website still remains to be insecure and vulnerable to attacks. Even vulnerabilities that were reported when the site first went live. Nothing more has been stated about fixing these vulnerabilities or long term security measures.