Healthcare.gov, the web portal for the Obama Administration’s Affordable Care Act (also known as Obamacare), recorded more than 300 cybersecurity incidents within a period of about 18 months, a new government report released Wednesday revealed.
The nonpartisan Government Accountability Office reported that none of the attempted cyberattacks, which occurred between October 2013 and March 2015, included “evidence that an outside attacker had successfully compromised sensitive data,” such as the personal information of the millions of subscribers to the government-subsidized health insurance site.
The GAO did say, however, that it identified weaknesses in the technological tools the site uses to protect sensitive information flowing through a part of the system called the Federal Data Services Hub. According to a report overview, the hub is a portal used to exchange personal information between the federal marketplace and external partners of the Centers for Medicare & Medicaid Services (CMS) — partners such as Social Security, IRS and Homeland Security.
Weaknesses identified in the 55-page report include: “insufficiently restricted administrator privileges for data hub systems, inconsistent application of security patches and insecure configuration of an administrative network.”
According to the report, the GAO conducted the study on cyber attacks linked to Healthcare.gov after it was asked “to review security issues related to the data hub, and CMS oversight of state-based marketplaces.”
It’s widely known that Healcare.gov has been susceptible to glitches in the past, and the latest information regarding the cyber attacks is evidence that those problems persist.
The statement concluded that in order to prevent future breaches, the CMS ought to “define procedures for overseeing the security of state-based marketplaces and require continuous monitoring of state marketplace security controls.”
Read the full statement here.