The Corner

Healthcare.gov Hacked in July, and HHS Discovered It Just Last Week

HealthCare.gov was hacked in July, the Wall Street Journal reported this afternoon– but the Department of Health and Human Services learned of the attack only last week:

A hacker broke into part of the HealthCare.gov insurance enrollment website in July and uploaded malicious software, according to federal officials.

Investigators found no evidence that consumers’ personal data was taken in the breach, federal officials said. The hacker appears only to have accessed a server used to test code for HealthCare.gov. The Department of Health and Human Services discovered the attack last week.

An HHS official said the attack appears to mark the first successful intrusion into the website, where millions of Americans bought insurance starting last year under the Affordable Care Act. It raised concerns among federal officials because of how easily the intruder gained access and how much damage could have occurred.

“Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted,” the Department of Health and Human Services said in a written statement. “We have taken measures to further strengthen security.”

The attack comes as the federal government and insurance companies prepare for open enrollment, which begins Nov. 15. It is likely to be seized on by Republican lawmakers, who oppose the law, in fall campaigns as another sign of the health law’s flaws. HealthCare.gov suffered from crippling technology problems when it launched in October, though the government has since improved the site.

Healthcare.gov security breaches have long been a concern. In July, Politico wrote that a major health-records hack is “only a matter of time,” adding that “on the black market, a full identity profile contained in a single record can bring as much as $500.”

On the state health exchanges, security has also been found wanting, according to records obtained by National Review Online.

In Vermont, a Romanian hacker gained access to the health exchange’s development server for a month before being detected.

In California, navigators jeopardized the personally identifying information of at least 378 Obamacare enrollees by transmitting them insecurely.

And in New Mexico, federal auditors from the Department of Health and Human Services found “high and critical issues than need to be addressed with our vendor,” according to the interim CEO of the health exchange.

— Jillian Kay Melchior is a Thomas L. Rhodes Fellow for the Franklin Center for Government and Public Integrity. She is also a Senior Fellow at the Independent Women’s Forum.

Most Popular

U.S.

Some Good News Going into the Weekend

It’s Friday -- although I know it’s getting harder and harder to tell these days. You deserve a respite from yesterday’s gloom. (If you’re hungry for more gloom, there’s always the most recent edition of The Editors podcast -- and thank you, dear readers, for checking on me.) Today’s newsletter ... Read More
U.S.

Some Good News Going into the Weekend

It’s Friday -- although I know it’s getting harder and harder to tell these days. You deserve a respite from yesterday’s gloom. (If you’re hungry for more gloom, there’s always the most recent edition of The Editors podcast -- and thank you, dear readers, for checking on me.) Today’s newsletter ... Read More
Science & Tech

The 41 Worst People You Meet on Twitter

Twitter, even more so than blogs, offered us the revolutionary promise of a virtual town square: You could hear from and engage with people from many walks of life, the prominent and the ordinary, in real time. You could read news as it breaks, debate the great issues of the day, and have fun. That promise ... Read More
Science & Tech

The 41 Worst People You Meet on Twitter

Twitter, even more so than blogs, offered us the revolutionary promise of a virtual town square: You could hear from and engage with people from many walks of life, the prominent and the ordinary, in real time. You could read news as it breaks, debate the great issues of the day, and have fun. That promise ... Read More