Wednesday, November 20, 2013
Not only is healthcare.gov at risk, it may already have been compromised, a security expert testified before the Senate.
“Hackers are definitely after it,” said David Kennedy, CEO of information security firm TrustedSEC before a House Science, Space, and Technology committee hearing on security concerns surrounding the problematic Healthcare.gov website.
“And if I had to guess, based on what I can see … I would say the website is either hacked already or will be soon.”
Kennedy told FoxNews.com he based this on an analysis revealing a large number of SQL injection attacks against the healthcare.gov website, which are indicative of “a large amount” of hacking attempts.
“Based on the exposures that I identified, and many that I haven’t published due to the criticality of exposures – if a hacker wanted access to the site or sensitive information – they could get it,” he told FoxNews.com.
A spokesman for the Department of Health and Human Services, which runs the nation’s new healthcare website, did not immediately respond to a request to for more information.
One key problem facing Healthcare.gov is that security wasn’t built into the site from the very beginning, he said — an opinion shared by both Kennedy and Fred Chang, the distinguished chair in cyber security at Southern Methodist University.
“There’s not a lot of security built into the site, at least that’s what we can see from a 10,000 foot view,” Kennedy told the committee. And although the site doesn’t house medical records, it integrates deeply with other sites, includes ecommerce information, and houses a vast array of data that presents a very salient target.
“It’s not only social security numbers … it’s one of the largest collections of personal data, social security and everything else, that we’ve ever seen,” Kennedy said.
Full article: http://www.foxnews.c … ecurity-expert-says/