Hacking of Federal Healthcare Site Harmless? Think Again, Says Financial Services Outfit
Amid all the other technical problems that have plagued the federal government's new Affordable Care Act Website since it went live last year, now HealthCare.gov has been attacked by hackers, The Motley Fool reports.
The Virginia-based financial services company says it's learned from several sources that computer hackers broke into the government's healthcare insurance exchange site two months ago and uploaded a malicious virus onto a server dedicated to testing software code.
The Fool piece said the hackers didn't reach servers that secure exchange participants information, and that the uploaded virus is actually tame, compared to the potential havoc it could have caused.
However, even the idea that the breach was even possible raises a ton of red flags about how secure the Website's primary servers really are.
"It's an eye-opening question given that personal data remains one of the most sought-after targets of black-market profiteers. It also serves as a sobering acknowledgment that hackers are increasingly targeting healthcare information in a bid to build more complete (and valuable) dossiers," the Fool report said, adding that few things are regarded as more private than personal healthcare records, "but the healthcare industry appears to remain well behind banking and retailing in implementing security measures to prevent thefts."
Market analysts speculate the healthcare sector's delay in implementing better software security may be a result of the industry's overarching desire -- unlike banks and retailers, which seek newer and better ways to safeguard private information from being shared -- to develop a database through which personal health records can indeed be shared by patients, insurers, doctors, specialists and hospitals with relative ease.
Last month, Community Health Systems, a Fortune 500 hospital operator based in Franklin, Tennessee, announced hackers had broken into its servers and sole 4.5 million records that included the names, addresses and social security numbers of patients treated at the company's 200 medical facilities.
The United State Department of Health and Human Services said it identified and removed the malicious software from the infected server -- and it's implementing added security measures to prevent future attacks.
Of course, the Fool said, the virus placed on the HealthCare.gov this time wasn't very sophisticated at all and was met by only a rudimentary security progr.am, since the server in question was never intended to go online.
"The fact that an unsecured server tied to healthcare.gov was online and broken into suggests that HHS will be looking carefully at all of its servers to make sure each one has the proper security in place," the Fool said, adding that "it wouldn't be shocking to see efforts redoubled from here. However, that doesn't guarantee personal data won't be at risk ... as long as there is data locked in servers, there will be hackers trying to steal it."
Subscribe to Latin Post!
Sign up for our free newsletter for the Latest coverage!