Security Analysis: State Health Exchanges May Not Be Secure
A security expert who examined several state based exchanges found they were "built in such a way as to almost attract attackers."
Kyle Adams is a software architect for Juniper Networks. He created a tool designed to detect attempted intrusions into sites. After looking at several state based exchanges, Kyle told Computerworld "[The sites] produced errors suggesting that the developers did not properly handle specific conditions."
"I did some light investigation on some of the health care websites,
including Kentucky, Vermont, Maryland and the federal HealthCare.gov
sites and quickly identified areas that would be attractive to
Other news sites have reported that the federal health exchange appeared vulnerable to attack by hackers. Mother Jones reported last month "According to several online security experts, Healthcare.gov, the portal
where consumers in 35 states are being directed to obtain affordable
health coverage, has a coding problem that could allow hackers to deploy
a technique called "clickjacking."
Several reports have suggested that final security testing was not completed on Healthcare.gov prior to launch. So far there have been at least two instances where private information was misrouted by the health exchange site but those seem to have been accidental.