Could Someone Hack Healthcare.Gov? Find Out Here

Hacker. Photo credit here.

Hacker. Photo credit here.

After waiting for the Healthcare.Gov website to go live so most of the U.S. could shop around for affordable health care coverage, the anticipation virtually ground to a halt as the website was inundated with technical complications. Soon after, the Presidential administration enlisted the help of industry giants like Verizon and highly skilled coders educated in some of the best schools to resolve the federal health exchange problems, and fast. One issue down but more to go? Sounds like it if you believe the web security specialists who are saying that the Obamacare tech team should add yet another critical cyber issue its lengthy list of things to do; eradicating a security defect that has the potential of making sensitive user information vulnerable to hackers.

Web security experts have reported that the Healthcare.Gov website has a coding complication that may permit hackers to deploy a tactic referred to as “clickjacking,” in which undetectable links are positioned on a legitimate webpage. By doing this, hackers can trick consumers into giving out their personal data when they enter it into the website, most likely placing them at risk of letting individuals commit fraud by filing bogus health care claims or stealing their identity.

When someone signs up online for Obamacare they are required to enter a lot of personal information to verify their identity including their name, Social Security number, email address, phone number, their income, information regarding their family members and employer.

Threat researcher Kyle Wilhoit, with Trend Micro, a security software company, analyzed the Healthcare.Gov portal along with his security team and discovered a moderate risk for hacking due to a coding issue that they say should be easy to fix. If the coding problem isn’t addressed it could cause the website to be vulnerable to the clickjacking problem mentioned above.

This wouldn’t be the first time a government website experienced coding problems either: Just earlier this year, SAM. Gov, a government contracting award Mgt website automatically disclosed companies’ private information without a hacker even being involved due to bad coding.

When asked about the clickjacking concerns, the Department of Health and Human Services reported that American’s don’t need to concern themselves with a possible leak of information because they said that if a security incident did happen to occur, there was an Incident Response functionality available that would be activated, allowing for tracking, investigation, as well as reporting of any incidents.

Other sections of Obamacare’s technological infrastructure aren’t as vulnerable to hackers. While Healthcare. Gov may be at risk for clickjacking, the sensitive information that is submitted via the website isn’t permanently stored in a centralized database which makes it difficult for hackers to gain access to data in bulk.

Rather, the user’s information is sent through a secure data hub to varied federal agencies which include the Social Security Administration, where it is double checked as well as verified. Finally private insurance companies are notified that someone has signed up and chosen a health care plan.

There are many fascinating career paths that fall under “Computer Science” and one would be working on resolving hacking issues like those mentioned here, and a number of top computer science colleges to consider; imagine how rewarding it would be to find a permanent fix for these kinds of high tech issues.

Resource: http://www.motherjones.com/politics/2013/10/obamacare-healthcare-gov-hacked-clickjacking