Security Analysis: State Health Exchanges May Not Be Secure

A security expert who examined several state based exchanges found they were “built in such a way as to almost attract attackers.”

Kyle Adams is a software architect for Juniper Networks. He created a tool designed to detect attempted intrusions into sites. After looking at several state based exchanges, Kyle told Computerworld “[The sites] produced errors suggesting that the developers did not properly handle specific conditions.”

“I did some light investigation on some of the health care websites,including Kentucky, Vermont, Maryland and the federal HealthCare.govsites and quickly identified areas that would be attractive toattackers.”

Other news sites have reported that the federal health exchange appeared vulnerable to attack by hackers. Mother Jones reported last month “According to several online security experts,, the portalwhere consumers in 35 states are being directed to obtain affordablehealth coverage, has a coding problem that could allow hackers to deploya technique called “clickjacking.”

Several reports have suggested that final security testing was not completed on prior to launch. So far there have been at least two instances where private information was misrouted by the health exchange site but those seem to have been accidental.