User Discovers Security Risk, Breach of Privacy

HHS Secretary Kathleen Sebelius assured Congress at the House Ways and Means Committee hearing, last week, that the ObamaCare website was secure. HHS spokeswoman Joanne Peters told the AP that consumers filling out their online applications “can trust that the information they’re providing is protected by stringent security standards and that the technology underlying the application process has been tested and is secure.”

But a North Carolina father named Justin Hadley recently found out that just isn’t the case.

After his Blue Cross Blue Shield health plan was canceled, he logged on to to check out his insurance options. He was shocked to discover a security flaw that disclosed to him eligibility letters addressed to individuals in South Carolina. 

The Foundry has the story: 

After multiple attempts to access the problem-plagued website, Hadley finally made it past the registration page Thursday. That’s when he was greeted with downloadable letters about eligibility — for two people in South Carolina. 

Screenshot here.

The letters, dated October 8, acknowledge receipt of an application to the Health Insurance Marketplace and the eligibility of family members to purchase health coverage. One of the letters was addressed to Thomas Dougall, a lawyer from Elgin, SC.

Hadley shared a screenshot and copy of the letter with redacted personal information.
Hadley wrote to Heritage on Thursday night and also contacted the U.S. Department of Health and Human Services, which administers, as well as elected officials in his state. He has yet to hear back from HHS, even though still displays the personal information of the South Carolina residents on his account.

Hadley reached out to Dougall on Friday to notify him of the breach. Dougall, who spoke to Heritage this evening, said he was evaluating health care options in early October. Dougall said he was able to register on, but decided not to sign up for insurance.

“The plans they offered were grossly expensive and didn’t provide the level of care I have now,” he said.

Dougall said he never saw the October 8 letter until Hadley sent it to him Friday.

After learning of the privacy breach, Dougall spent Friday evening trying to contact representatives from to no avail; he spent an hour waiting on the telephone and an online chat session was unhelpful. He also wrote to Senators Lindsey Graham (R-SC) and Tim Scott (R-SC), along with Representative Joe Wilson (R-SC).

“I want my personal information off of that website,” Dougall said.

Who knows how many other cases like this one are out there? 

Republicans have been sounding the alarm, but has anyone been listening?

At last week’s House hearing,  Representative Mike Rogers (R-MI) chided Sebelius on the lack of appropriate security at; “You accepted a risk on behalf of every user … that put their personal financial information at risk…Amazon would never do this. ProFlowers would never do this. Kayak would never do this.”

Ah – but the super smart, high tech, Team ObamaCrash would do this. 

Words like, “debacle”, trainwreck”, and “FUBAR” don’t even begin to describe the scope of epic failure going on here.

Hat tip: Weasel Zippers