Healthcare.gov Remains Unstable, Vulnerable: Report

A new report from a government auditor suggests that the United States Healthcare.gov web site is missing basic security features. The most alarming findings include ineffective cyber security controls, such as resilient passwords and stable security patching.

Healthcare.gov represents the central hub of the Obama administration's Affordable Care Act, which is intended to offer U.S. citizens an easier method of finding and acquiring health insurance. However, since the site's launch in October 2013 it has suffered from stability problems, with issues lingering well into 2014.

Healthcare.gov Data Vulnerable to Hackers: Report

Now, a report from the Government Office of Accountability finds that the site remains insecure. Specifically, the report says that the site allows some outside systems to connect and access the Internet. In doing so, the reports suggests unauthorized users could access data from Healthcare.gov's insurance marketplace.

Beyond that, the report finds that the administration has failed to consistently apply security patches to Healthcare.gov, leaving the site vulnerable to hackers. "Weaknesses exist that put these systems and the sensitive personal information they contain at risk," the report noted. 

The auditor's report recommends the implementation of 28 critical changes designed to enhance Healthcare.gov's security systems. This includes initiating a comprehensive security assessment and creating clear security roles and responsibilities for those working with the site.

Functionality Problems Known But Ignored

But that's not the only problem Healthcare.gov is facing. An even more recent report from the House Committee on Oversight and Government Reform was released this past weekend; it suggests that the Obama administration knew the website was suffering from functionality problems prior to its unveiling, but went ahead with the October 2013 launch regardless. 

The House Committee report goes on to insist that the administration is "continuing its efforts to shield ongoing problems with the website from public view." It's suggested that those responsible for building and maintaining Healthcare.gov expressed more concern about hiding the site's problems (including its security vulnerabilities), rather than resolving the issues. 

The House Committee report includes a series of internal emails that reveal just how dysfunctional the Healthcare.gov team was as the site launched last fall. "This is an [expletive] disaster," noted Bryan Sivak of the Department of Health and Human Services two days after the site was opened to the public. "Basic testing should have been done ... that hasn't been done." (Source: theverge.com) 

Obama Administration Slammed by Opponents

Republicans are using the report to criticize the Obama administration. "What you found a year into this site is they were not using best practices," noted California Republican Darrell Issa. "[The Obama administration does not] want to tell how weak it still is," Issa added. (Source: pcworld.com) 

The good news is that the auditor's report finds that most of the security problems can be resolved quickly and easily. Of course, that begs the question: why weren't these issues addressed beforehand?

What's Your Opinion?

Have you used Healthcare.gov since its launch in October 2013? If so, what was your experience like? Are you confident that the Healthcare.gov site will stabilize and become more secure in the near future?