A security expert testifying before a House Science, Space, and Technology committee hearing on security concerns surrounding the Obamacare website said that the President’s online insurance exchange is not only full of security risks, but that it has also likely already been compromised by hackers.
“Hackers are definitely after it,” said David Kennedy, CEO of information security firm TrustedSEC said during the hearing.
He continued, “And if I had to guess, based on what I can see … I would say the website is either hacked already or will be soon.”
Kennedy testified that one of the major problems with security on the site is that security wasn’t built in to Healthcare.gov from the beginning. Furthermore, according to the expert, integration between the Obamacare site and other online portals for personal information makes the healthcare exchange a treasure trove for identity thieves.
“It’s not only social security numbers … it’s one of the largest collections of personal data, social security and everything else, that we’ve ever seen,” Kennedy said.
Henry Chao, a top official at the Centers for Medicare and Medicaid Services (CMS), also testified Tuesday, telling lawmakers that 30 to 40 percent of the healthcare exchange website remains unfinished.
“I think it’s just an approximation, we’re probably sitting somewhere between 60 or 70 percent [completed],” he told the subcommittee.
Chao said that tests on the sites back-end are being conducted as the website is completed but the process shouldn’t affect the experience of users shopping for insurance.
A report completed for lawmakers by TrustedSec, however, notes, “Test domains are exposed to the Internet, which is often an area for focus of attack. Additionally, there is a significant amount of test data already indexed all over the Internet.”