Tech experts: HealthCare.gov not secure

At a Nov. 19 hearing of the House Committee on Science, Space, and Technology, four technology experts--including two university representatives--all testified that they thought HealthCare.gov was not a secure website, Reuters reported. What's more, three of the four experts said they thought that the site should be shut down until it is secure.

Only Avi Rubin, director of the Information Security Institute at Johns Hopkins University, would not say with certainty that the site should be shut down, at least not without more information to back up such action. Regardless, he said that he, personally, would not want to use the site in light of all of its publicized security issues.

"Bringing down the site is a very drastic response," Rubin told Reuters.

In written testimony to the committee, Frederick Chang, the Bobby B. Lyle Centennial Distinguished Chair in Cyber Security at Southern Methodist University, said that creation of a cybersecurity science will be "critical" to helping to alleviate looming issues. "As we talk about important shorter term measures that can be taken to improve the security of HealthCare.gov, there are myriad longer term issues that need to be addressed, as well," Chang wrote.

Joanne Peters, a spokeswoman for the U.S. Department of Health & Human Services, told Reuters that the government has been making improvements to HealthCare.gov as problems arise.

Last week, an official with the U.S. Department of Homeland Security's Office of Cybersecurity and Communications revealed that DHS was aware of roughly 16 reports of cybersecurity threats to HealthCare.gov from HHS. For instance, according to Roberta Stempfley, acting assistant secretary for the DHS office, hackers tried, unsuccessfully, to organize a "denial of service" attack that ultimately would have shut the site down.

In August, Senate Republicans, led by Utah's Orrin Hatch, asked the Government Accountability Office to review security and privacy features of the data services hub connecting state health insurance exchanges with federal agencies. In June, meanwhile, 16 Republican lawmakers also raised concerns about the hub in a letter sent to HHS Secretary Kathleen Sebelius.

To learn more:
- here's the Reuters article
- here are the hearing materials

Suggested Articles

The Department of Health and Human Services announced proposed changes to privacy restrictions on patients' substance use treatment records.

An FDA official said the agency is in discussions with multiple stakeholders to create a universal unique medical device identifier to be stored in EHRs.

Virtual care, remote monitoring, telehealth and other technologies have long been on the “nice to have” list for healthcare. But that's changing.