tbo: Tampa Bay Online.
Thursday, Apr 19, 2018
  • Home

Hacker’s heaven may leave you financially disabled

WASHINGTON — The Obama administration is urging its supporters to make the most of the holidays — by turning family dinners and other social gatherings into platforms for boosting enrollment in Obamacare.

Supporters can even log on to a working website for talking points that can help them push loved ones — including those who, due to Obamacare regulations, have lost “the insurance they liked” — to sign up for health insurance through HealthCare.gov.

If you find yourself being pressured at the dinner table to “sign up now,” take a deep breath and consider the risks before going online.

HealthCare.gov debuted Oct. 1 and, overnight, became the new poster child for government ineptitude. From its propensity to crash to its multitude of security problems and bureaucratic inefficiencies, it provided a seemingly inexhaustible supply of material for late night comedians.

But the site is no laughing matter. It is a security nightmare, one that leaves users’ personal information vulnerable to hackers and others. And that vulnerability appears to be open-ended.

In late October, a North Carolina man accidently discovered a security breach on the site: It allowed him to access a stranger’s private enrollment and subsidy information. The user — Justin Hadley — immediately contacted the Department of Health and Human Services about the breach, and asked them to remove his own account from the site to protect his own information.

After weeks of waiting, his information account was finally deleted in mid-November.

And when it comes to security, state health exchange sites haven’t fared much better.

Officials at CoverOregon, Oregon’s health exchange, are reviewing their privacy protections after workers there committed three personal data breaches in three days. Vermont officials overseeing the state’s health exchange website confirmed a security breach there that gave one user improper access to another’s Social Security number and other data.

Two months after HealthCare.gov’s disastrous debut, the administration claimed the site had made “dramatic progress” and was, essentially, “fixed.” But those assurances addressed only the site’s ability to handle more traffic without going into cardiac arrest.

Although the metrics the government used to declare HealthCare.gov “fixed” are fine as far as they go, they are woefully incomplete. Notably missing is any metric addressing security.

On Nov. 19, four IT experts testified before the House Committee on Science, Space and Technology. All agreed that HealthCare.gov was a security nightmare that presented unacceptable risks to users. One went so far as to dub the website “IdentityTheft.gov.”

Since then, of course, the administration once again has pronounced the website “fixed.” Unfortunately, it “doesn’t appear that any security fixes were done at all,” says David Kennedy, CEO of the online security firm TrustedSec.

Indeed, Kennedy told The Washington Free Beacon, the “fixes” made to increase the site’s capacity may have left the site even less secure.

His professional advice? “I would still definitely advise individuals to not use the website.”

And the website isn’t the only source of security concerns over the Obamacare enrollment process. Obamacare navigators never had to undergo background checks.

You wouldn’t settle for a half-baked Christmas dinner. Why take a chance on the half-baked HealthCare.gov?

Tim McGovern is the director of marketing technology at The Heritage Foundation, a conservative think tank.

Weather Center