Fed audit finds security flaws in Healthcare.gov database

A federal audit of the cybersecurity of Healthcare.gov found that sensitive personal information was stored in a computer system with basic security flaws (Source: “Audit Finds Slipshod Cybersecurity at HealthCare.gov,” Associated Press via New York Times, Sept. 24, 2015)

The Obama administration said it acted quickly to fix all the problems identified in a report by the U.S. Department of Health and Human Services inspector general's office. But the episode raises questions about the government's ability to protect a vast new database at a time when cyberattacks are becoming bolder.

The database doesn't handle medical records. But according to a government privacy impact statement, it does include names, Social Security numbers, birthdates, addresses, phone numbers, passport numbers, employment status and financial account information of customers on HealthCare.gov and state insurance marketplaces.

"It sounds like a gold mine for ID thieves," said Jeremy Gillula, staff technologist for the Electronic Frontier Foundation, a civil liberties group focused on technology. "I'm kind of surprised that this information was never compromised."