The HealthCare.gov hack shares some worrisome details with a successful attack last December on a Vermont health-exchange server, as I write this evening on the homepage.
In both cases, a basic — even stupid — security oversight allowed the hacker to gain access to a server. Likewise, both attacks took several weeks to detect. Both attacks seem to have originated, at least in part, from abroad. Here’s why the commonalities matter:
The similarities between the HealthCare.gov and Vermont attacks are significant because they suggest a top-to-bottom lack of security that afflicts the federal and state exchanges alike.
Michael Gregg, a cybersecurity expert who testified to Congress about HealthCare.gov risks, tells NRO this evening: “I think the most important take-away, unfortunately, is to still be very leery about how well these systems have actually been secured. We’re still potentially running code and applications that seem to be vulnerable at one point, and these systems may still be at this state: We’re still working with these patched systems. All this stuff should have been rebuilt from the ground up with security as the first thing in mind.”
— Jillian Kay Melchior is a Thomas L. Rhodes Fellow for the Franklin Center for Government and Public Integrity. She is also a Senior Fellow at the Independent Women’s Forum.