HealthCare.gov Hack Reminiscent of Earlier Vermont Exchange Attack

Obamacare vulnerabilities abound on the federal and state levels

As the Wall Street Journal breaks news this afternoon about a successful hack at HealthCare.gov, this reporter is struck by the similarities to a previous Obamacare break-in, one at the Vermont health exchange.

To begin with, it’s appalling how basic both hacks were.

Despite numerous policies and best practices governing security, the HealthCare.gov server “was guarded only by a default password,” and it “had such low security settings because it was never meant to be connected to the Internet,” the Journal writes. In other words — those of an HHS official, in fact — “there was a door left open.”

Similarly, in Vermont, the development server’s default password was never changed.

Lawrence Miller, the state’s chief of health-care reform, told NRO at the time: “[The hacked server] frankly should never have been plugged into the wall as far as I could tell. If [this breach] had been any measure of our [overall] security system, that would be very problematic, but it’s more like someone walking into an unlocked, new house, and the default password for the alarm system is on a Post-It note next to the alarm pad, and the front door was unlocked.”

Also disturbing, at both a federal and a state level, it’s taking far too long for the government to detect hacks.

The Journal reports that although the hacker gained access and installed malware on a HealthCare.gov server in July, the Department of Health and Human Services “discovered the break in weeks later on Aug. 25 during a daily security scan” (emphasis added). Similarly, in Vermont, it took the health exchange an entire month to detect the attack — and by that time, the hacker had accessed the server at least 15 times.

While the Federal Bureau of Investigation does not believe the hack was a state-sponsored attack, according to the Journal, it did trace the attack back to several IP addresses from abroad. In Vermont, the health-exchange hack originated from Romania.

In both instances, officials have been quick to say that no personal information was compromised, as far as they know. But in Vermont, at least, experts were less confident. Similar unknowns may exist on the federal level.

The similarities between the HealthCare.gov and Vermont attacks are significant because they suggest a top-to-bottom lack of security that afflicts the federal and state exchanges alike.

Michael Gregg, a cybersecurity expert who testified to Congress about HealthCare.gov risks, tells NRO this evening: “I think the most important take-away, unfortunately, is to still be very leery about how well these systems have actually been secured. We’re still potentially running code and applications that seem to be vulnerable at one point, and these systems may still be at this state: We’re still working with these patched systems. All this stuff should have been rebuilt from the ground up with security as the first thing in mind.”

— Jillian Kay Melchior is a Thomas L. Rhodes Fellow for the Franklin Center for Government and Public Integrity. She is also a Senior Fellow at the Independent Women’s Forum.
