Health IT Pulse

Sep 29 2014   3:07PM GMT

White hat hackers test Healthcare.gov data security

Don Fluckinger Profile: Don Fluckinger

Tags:
Affordable Care Act
health care data breach
health data security
healthcare.gov

Which do you want first on federal health insurance exchange sites initiated through the Affordable Care Act? The good news, or the bad news?

It turns out that the feds employed white hat hackers to test the data security of exchanges, according to a report from the HHS Office of the Inspector General (OIG) following an audit of Healthcare.gov data security practices and risk mitigation that took place from last February to last June.

The good news is, after reviewing the work, OIG found that personal data U.S. patients give the site is generally secure. The bad news? The hackers uncovered an unspecified “critical vulnerability” in a scan of the Healthcare.gov web application, which CMS said would be quickly patched.

Moreover, two more server vulnerabilities, known to CMS, hadn’t been fully addressed at the time of the audit. CMS was in the process of remediating these vulnerabilities at the time of the audit, but hadn’t completed the plan. Prior to the audit, CMS had notified OIG of the steps it was taking to patch the holes. Of the two server vulnerabilities, a less critical vulnerability that didn’t put users’ personal data at risk was getting addressed via a contractor. A more critical vulnerability had been patched by CMS itself between the time of the audit and last week, when the OIG published its report.

The vulnerabilities were not described in detail in the report, as a security precaution. The OIG report follows reports of a Healthcare.gov test-farm breach, a story broken by the Wall Street Journal. CMS said that no personally identifiable information was exposed in the incident. In a separate but unrelated announcement, CMS recently said that most of its Healthcare.gov patient-matching issues have been resolved.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: