NCPA - National Center for Policy Analysis

Government Watchdog: HealthCare.gov Full of Security Risks

September 22, 2014

HealthCare.gov is vulnerable to security risks, according to a report from Louise Radnofsky and Stephanie Armour at the Wall Street Journal.

The Government Accountability Office is set to address Congress this week to discuss the federal health insurance website and cybersecurity. The site -- into which millions of Americans have plugged in their personal information in order to enroll in health insurance plans -- contains a number of security risks that must be addressed, according to the GAO's director of information security issues Gregory Wilshusen.

Residents in more than 30 states have shopped for insurance on HealthCare.gov. In order to enroll in plans, as well as apply for federal tax credits to subsidize the cost of their insurance, people must enter several pieces of personal information, including income data and their family members' Social Security numbers. Even states that run their own exchanges use the federal site for certain purposes.

Apparently, the Centers for Medicare and Medicaid Services did not assess all privacy risks, nor did it comprehensively test the entire HealthCare.gov system in order to weed out potential security problems. As of June 2014, the GAO found that security testing was still incomplete.

Among the problems identified by the GAO include the concerns that there was no alternate processing system available in the event that HealthCare.gov is disrupted, that infrastructure systems can access the Internet (increasing the likelihood of a third party reaching the website's data) and that various security patches have been applied inconsistently.

Source: Louise Radnofsky and Stephanie Armour, "Federal Health Care Website Faces Security Risks, Watchdog Finds," Wall Street Journal, September 16, 2014.

 

Browse more articles on Health Issues