Free Republic

Hiding the Hacking at HealthCare.gov [will not let you know]
National Review ^ | December 23, 2013 | John Fund

Posted on 12/23/2013 4:22:31 AM PST by Cincinatus' Wife

Christmas shoppers were stunned to learn last Thursday that computer hackers had made off with the names and other personal info of some 40 million Target customers. Some of the pilfered information is reportedly being sold on the black market, prompting JP Morgan Chase to limit purchases and cash withdrawals on debit cards owned by recent Target shoppers.

But at least Target informed its customers of the security breach, as it is required by federal law to do. HealthCare.gov faces no such requirement; it need never notify customers that their personal information has been hacked or possibly compromised. The Department of Health and Human Services was specifically asked to include a notification requirement in the rules it designed for the health-care exchanges, but HHS declined.

The Federal Register tells the tale about what happened on March 27, 2012, at a meeting on the issue.

At that meeting, two commenters asked HHS to ensure the exchanges would promptly notify affected enrollees in the event of a data breach or unauthorized access to the exchange’s databases. One commenter suggested that a full investigation be launched each time such a breach occurred, with the goal of holding hackers legally and financially accountable for breaking into the website.

According to a report by the group Watchdog.org, HHS responded: “We do not plan to include the specific notification procedures in the final rule. Consistent with this approach, we do not include specific policies for investigation of data breaches in this final rule.” In other words, the government doesn’t have to tell you about a security breach unless it decides it wants to — despite the fact that private companies are required to publicly disclose any incidents. State laws also require many of the 14 state-run insurance exchanges to disclose such information, but no such law exists for the federally run exchange, which 36 states rely upon.

The Watchdog report notes that it’s through state laws that we’ve learned the most about security problems in the exchanges. In September, the Minneapolis Star Tribune reported that “an official at MNsure, the state’s new online health insurance exchange, acknowledged it had mishandled private data.” A Minnesota insurance broker received an e-mail containing a trove of confidential information on more than 2,400 people, including their Social Security numbers and business addresses. A staffer at MNsure had accidentally sent the e-mail to him. “The more I thought about it, the more troubled I was,” Jim Koester, the recipient of the data, told the Star Tribune. “What if this had fallen into the wrong hands? It’s scary.”

Last July, Dave Jones, California’s insurance commissioner and a Democrat, expressed his concerns about inadequate security processes on his state’s exchange, one of the better-run ones. If unscrupulous people get hold of Social Security numbers, health records, or other private information of consumers “we can have a real disaster on our hands,” Jones told the AP. He has declined further comment since then.

In Florida, GOP governor Rick Scott is troubled that privacy guidelines will be ignored in the rush to try to enroll his state’s 3.5 million uninsured residents. He wrote to Congress this fall expressing worry that the thousands of “navigators” hired by private groups posed a possible security threat, given that they undergo no federal background checks: “As the push for ‘navigators’ to sign up Floridians on the federal health insurance exchange becomes more frenzied, the need to safeguard the personal information Floridians submit to the ‘navigators,’ and its use in a ‘federal data hub,’ is taking on paramount importance.” The workers the federal government hired to conduct the 2010 census were fingerprinted and underwent background checks. Not so the Obamacare “navigators.”

It’s not as if the Obama administration wasn’t notified of security concerns about its website. MITRE Corporation, an HHS contractor, alerted the agency that 19 unaddressed security vulnerabilities plagued the website before its launch on October 1. Last week, Teresa Fryer, the chief information-security officer for the Centers for Medicare and Medicaid Services (CMS), told the House Oversight Committee that she recommended that HealthCare.gov not launch on October 1 because of serious security concerns. “My evaluation of this was a high risk,” she told the committee in a private interview. Tony Trenkle, the project manager for the website, declined along with Fryer to sign the Authority to Operate (ATO) license needed to launch the site, which is why it had to be signed by Marilyn Tavenner, the political appointee in charge of CMS. Trenkle retired on November 13 and has declined to talk with reporters. But Fryer said her own concerns about security remain unaddressed because there have been “two high findings of risk” — the most serious warning level — in tests conducted in just the past few weeks. A CMS spokesman says both problems have been resolved.

Few cyber-security experts I spoke with for this article have much confidence that the government will quickly or competently reveal any security breaches on HealthCare.gov. On October 30, HHS Secretary Kathleen Sebelius testified under oath before Congress that “no senior official reporting to me ever advised me that we should delay” the launch of the website. But Fryer told the House committee that she had personally briefed Sebelius’s top aides on her findings on September 20, ten days before the site launched. While it may be true that Fryer and Trenkle don’t report directly to Sebelius, they both declined to sign off on the ATO needed to launch the site. At best, Sebelius has demonstrated a complete inability to follow or manage the security crisis, though it’s her responsibility to do so.

According to Bruce Webster, a consultant who has advised companies for 40 years on IT issues, the administration’s policy appears to be “security through obscurity,” a largely discredited approach. He told me:

They do not want to talk about their security measures; they do not want to talk about their security breaches; they do not want to inform affected citizens of compromised personal information. Their attitude reminds me of Lily Tomlin’s character Ernestine as an AT&T operator back when AT&T had a monopoly: “We don’t care. We don’t have to. We’re the phone company.”

Congresswoman Diane Black, a Tennessee Republican, is fed up with the obfuscation and evasion surrounding HealthCare.gov. She has introduced the “Federal Data Breach Notification Act,” which would require that the Federal Trade Commission notify anyone whose personal information has been jeopardized. “The federal government imposes these same rules on the private sector, yet they have gone out of their way to avoid imposing this basic diligence on their own Obamacare exchange,” she told me.

If the House and Senate have any basic concern for the privacy rights of Americans, they will catapult her bill onto President Obama’s desk ASAP. It is horrible news that Target’s security vulnerabilities allowed hackers to filch the names and personal information of customers. But it will be even worse if the federal government can continue to keep people in the dark about its own security breaches, leaving many Americans with big, fat targets on their backs for identity thieves.


TOPICS: Business/Economy; Crime/Corruption; Government
KEYWORDS: aca; hacking; identity; obamacare; personalinfo

1 posted on 12/23/2013 4:22:32 AM PST by Cincinatus' Wife

To: Cincinatus' Wife
""HHS responded: “We do not plan to include the specific notification procedures in the final rule. Consistent with this approach, we do not include specific policies for investigation of data breaches in this final rule.” "

the next question should have been "Why the F$%^ not?"

and splatter this info all over the internet

The Federal Register is turning out to be a gold mine for info about this corrupt administration... there is only one thing to do- stop writing things in the federal register.

2 posted on 12/23/2013 4:38:36 AM PST by Mr. K (If you like your constitution, you can keep it. Period.)

To: Mr. K

“......... The workers the federal government hired to conduct the 2010 census were fingerprinted and underwent background checks. Not so the Obamacare “navigators.”..................


3 posted on 12/23/2013 4:44:08 AM PST by Cincinatus' Wife

To: All
WRT healthcare.gov security breaches, HHS responded: “We do not plan to include the specific notification procedures in the final rule. Consistent with this approach, we do not include specific policies for investigation of data breaches in this final rule.”

Oh, and BTW, gang...glitch-plagued O/care (and the healthcare.gov rollout) were 2013's top news story...........

Now's a good time for Obama campaign-era articles to go viral---how
Obama bragged about him and his campaign team's tech savvy---how
they ran and won, financed by their clever use of tech.

===========================================

DO IT NOW---nail Michele's schoolmate's company
which raked in bushels of tax dollars for the botched web site.

Toni Townes-Whitley, Senior Vice President at "CGI Federal" for
Civilian Agency programs, healthcare.gov designers
is Princeton 1985,
same dumbed-down class as Michelle Obama. Both are members of
the racial separatist organization----Association of Black Princeton Alumni.

"I wake up every day wondering how I ever graduated from Princeton."

======================================================

We, the people, ripped off by CGI for $$hundreds of millions wonder, too.

4 posted on 12/23/2013 5:25:55 AM PST by Liz

To: Cincinatus' Wife

This is the government, not a business. The government can do what it wants and we have no recourse. Who’s going to fine them or throw them in jail? The corrupt ‘justice’ department?


5 posted on 12/23/2013 6:25:52 AM PST by I want the USA back (Media: completely irresponsible traitors. Complicit in the destruction of our country.)

To: Mr. K

So, they wanna prosecute Snowden for security breaches about government snooping, but they don’t even want to let us know when they build in a means for hooligans to steal private data about anyone who signs up for Obamacare?


6 posted on 12/23/2013 6:42:04 AM PST by Real Cynic No More (Border Fence Obamacare!)

To: Cincinatus' Wife

IT security circles believe there are as many as 500 brute force attack attempts against government websites per hour. With Healthcare.gov being such an enormous target, it’s likely that number is much higher. Black Hat analysts believe that 1-in-20 attacks are successful at some level.

Successful attacks could mean someone finds a port vulnerability, is able to access a database, or otherwise gains access to a system that is restricted to government employee/contractor use only.


7 posted on 12/23/2013 6:48:40 AM PST by rarestia (It's time to water the Tree of Liberty.)

To: Cincinatus' Wife

The essence of this article is that if you sign up on-line for ObamaCare you can just assume you have given personal information to hackers. There is no way the programmers who couldn’t create a working web site could keep the information secure.


8 posted on 12/23/2013 6:55:26 AM PST by Starstruck (If my reply offends, you probably don't understand sarcasm or criticism...or do.)

To: rarestia
No one I know trusts the Obamacare website. Can you imagine Amazon pulling crap on people to where they did not trust it enough to not buy anything ever again on Amazon?

Obama is trying to sell us something he has no knowledge of, with sexy ads, backed up by some law that intends to stick the IRS after us if we don't comply correctly.

If Obama were selling cell phones using all of his present techniques, he would be the laughing stock on Wall Street.

9 posted on 12/23/2013 7:40:45 AM PST by Slyfox (We want our PRE-EXISTING HEALTH INSURANCE back!)

To: Cincinatus' Wife; COUNTrecount; Nowhere Man; FightThePower!; C. Edmund Wright; jacob allen; ...

Nut-job Conspiracy Theory Ping!

To get onto The Nut-job Conspiracy Theory Ping List you must threaten to report me to the Mods if I don't add you to the list...

10 posted on 12/23/2013 8:15:48 AM PST by null and void (I'm betting on an Obama Trifecta: A Nobel Peace Prize, an Impeachment, AND a War Crimes Trial...)

To: null and void

I will repeat my vow: I will NEVER sign up on this website, even if threatened with death.


11 posted on 12/23/2013 8:21:08 AM PST by Lazamataz (Early 2009 to 7/21/2013 - RIP my little girl Cathy. You were the best cat ever. You will be missed.)

To: Cincinatus' Wife
But at least Target informed its customers of the security breach

Nearly a month after it happened.

12 posted on 12/23/2013 9:14:57 AM PST by bgill

To: null and void

just another reason I will NEVER use this crazy a%$ site for anything…. least of all health ‘care’ insurance


13 posted on 12/23/2013 10:11:16 AM PST by Nifster

To: null and void; MestaMachine; Rushmore Rocks; Oorang; sweetiepiezer; txnuke; La Lydia; aragorn; ...

You will not be notified when your ID and personal/ medical information is stolen.

Article, then # 2, 3, 4, 7.

Thanks, Nully.

14 posted on 12/23/2013 12:09:21 PM PST by LucyT ( If you're NOT paranoid, you don't know what's going on.)

To: LucyT; null and void

Thank You Both and Merry Christmas.


15 posted on 12/23/2013 12:12:37 PM PST by no-to-illegals (Scrutinize our government and Secure the Blessing of Freedom and Justice)

To: Cincinatus' Wife

Thank You and Merry Christmas to you and yours.


16 posted on 12/23/2013 12:13:38 PM PST by no-to-illegals (Scrutinize our government and Secure the Blessing of Freedom and Justice)

To: Mr. K
The key is this site is linked, from what I understand, to the IRS computers. Have to believe they have us all by now and is only a question of when they will use the information obtained.
17 posted on 12/23/2013 12:16:15 PM PST by no-to-illegals (Scrutinize our government and Secure the Blessing of Freedom and Justice)

To: Lazamataz

Laz, do you think they have broken open the code to the IRS computers via the healthcare site yet? My best guess is, it is done and they are in.


18 posted on 12/23/2013 12:17:50 PM PST by no-to-illegals (Scrutinize our government and Secure the Blessing of Freedom and Justice)

To: LucyT

Everything designed by the zer0 administration has a purpose and none of that purpose is good.


19 posted on 12/23/2013 12:19:03 PM PST by no-to-illegals (Scrutinize our government and Secure the Blessing of Freedom and Justice)

To: Cincinatus' Wife
If the House and Senate have any basic concern for the privacy rights of Americans, they will catapult her bill onto President Obama’s desk ASAP.

Does anyone think Obama would actually obey this law, even if it was passed and he signed it in order to avoid criticism?

20 posted on 12/23/2013 12:19:51 PM PST by Cicero (Marcus Tullius)

To: LucyT
NHS pulls the plug on its £11bn IT system
A plan to create the world's largest single civilian computer system linking all parts of the National Health Service is to be abandoned by the Government after running up billions of pounds in bills. Ministers are expected to announce next month that they are scrapping a central part of the much-delayed and hugely controversial 10-year National Programme for IT.
We have not yet spent a billion so we have a ways to go.....basically the article is like looking into the future of Obummercare, but I didn't see much of this story on this side of the pond. This is published Aug 2011.
21 posted on 12/23/2013 12:23:09 PM PST by GregNH (If you can't fight, please find a good place to hide!)

To: I want the USA back

Pffft. There is always recourse. God Himself designed that way. Just sometimes it’s not as easy as we’d like it to be. The founders handed off a great system to us, and despite the damage, much of it is still working. It’s not our job to just give up and go home. There’s no future in that. Our best bet is to keep on fighting with the tools we still have. Don’t ever get tired of doing the right thing.


22 posted on 12/23/2013 12:59:10 PM PST by Springfield Reformer (Winston Churchill: No Peace Till Victory!)

To: no-to-illegals

Not necessarily. IRS would be in a different domain and will be behind its own firewall. Depending on the structure that is in place (and I expect there is PRECIOUS LITTLE) and the security on that transfer, I bet not a lot can happen to get into the IRS. From what I understand, the IRS actually DOES have good security IT people.


23 posted on 12/23/2013 12:59:34 PM PST by Lazamataz (Early 2009 to 7/21/2013 - RIP my little girl Cathy. You were the best cat ever. You will be missed.)

To: Lazamataz

May you be correct Laz. Have to wonder why, if is a link at the healthcare site, why was put there at the healthcare site. I may go to email later to talk with you. Have been noticing something else along the lines of what is going on. Maybe is nothing and will make a decision later, if I have your permission to go to email with additional thoughts.


24 posted on 12/23/2013 1:06:23 PM PST by no-to-illegals (Scrutinize our government and Secure the Blessing of Freedom and Justice)

To: Lazamataz
I will repeat my vow: I will NEVER sign up on this website, even if threatened with death.

Not to worry - at some point when they need money you will be "deemed enrolled" and the Social Security Administration will transfer your info directly to the hackers. :)

25 posted on 12/23/2013 1:08:43 PM PST by Mr. Jeeves (CTRL-GALT-DELETE)

To: Lazamataz

Laz, am going to go ahead and mention something here, in the open. Have been noticing certain things regarding some virus protections going off. Don’t know how good security is at the IRS but if they do not have alarm bells when this happens where virus protection and firewalls go off, then we are had.


26 posted on 12/23/2013 1:10:01 PM PST by no-to-illegals (Scrutinize our government and Secure the Blessing of Freedom and Justice)

To: Real Cynic No More
...but they don’t even want to let us know when they build in a means for hooligans to steal private data about anyone who signs up for Obamacare?

But they won't be the average 'hooligans'. They'll be tech savvy, they will know what they are looking for, and they'll know how to use it when they get it. Just another phase of The Looting of America, up close and personal...

27 posted on 12/23/2013 1:10:24 PM PST by Smokin' Joe (How often God must weep at humans' folly. Stand fast. God knows what He is doing.)

To: no-to-illegals

You always ‘have permission’ to mail me. LOL!


28 posted on 12/23/2013 1:14:14 PM PST by Lazamataz (Early 2009 to 7/21/2013 - RIP my little girl Cathy. You were the best cat ever. You will be missed.)

To: Lazamataz

Another point Laz. If the protection does go offline or is taken offline, it is too late, they are in. The reason I say this is ... once in for even a brief second ... the seed is planted and then all is done and the downloads begin even if rebooted, from as best as I understand ... Have any reassurances?


29 posted on 12/23/2013 1:14:14 PM PST by no-to-illegals (Scrutinize our government and Secure the Blessing of Freedom and Justice)

To: Real Cynic No More
If you read the statement closely, not only do they not want to let us know, they have no intention of investigating anything to even have something to let us know about.
30 posted on 12/23/2013 1:14:15 PM PST by Cyber Liberty (H.L. Mencken: "The urge to save humanity is almost always a false front for the urge to rule.")

To: Lazamataz

Too late Laz ... LOL ... went public.


31 posted on 12/23/2013 1:15:06 PM PST by no-to-illegals (Scrutinize our government and Secure the Blessing of Freedom and Justice)

To: Mr. K

Their website design is so incompetent that it probably cannot detect the number and scope of intrusions.


32 posted on 12/23/2013 1:15:20 PM PST by Skepolitic

To: no-to-illegals

I cannot go into it, because I’d be compromising (by association) the place where I *DO* work, but I promise ya, the security is a LOT deeper than ‘alarm bells’ going off when a virus hits. (smile)

You gotta trust me here. Us guys are good. REAL good.


33 posted on 12/23/2013 1:15:57 PM PST by Lazamataz (Early 2009 to 7/21/2013 - RIP my little girl Cathy. You were the best cat ever. You will be missed.)

To: Mr. K

No way should Healthcare.gov hacking incidents be disclosed.

The Feds have to keep stuff like this secret in the interests of national security.


34 posted on 12/23/2013 1:17:21 PM PST by Skepolitic

To: Lazamataz

I trust you Laz. Don’t trust anyone else in government though.


35 posted on 12/23/2013 1:17:25 PM PST by no-to-illegals (Scrutinize our government and Secure the Blessing of Freedom and Justice)

To: Lazamataz

Laz, I said you were in the government. Technically that is correct but, I think I just insulted you because you are not in the present government that is attempting to harm Americans. My apology Laz, my fellow government person against the government people in charge.


36 posted on 12/23/2013 1:29:10 PM PST by no-to-illegals (Scrutinize our government and Secure the Blessing of Freedom and Justice)

To: Lazamataz

and btw ... Merry Christmas Laz! If you are up my way, come to dinner around 5 p.m. Wednesday. Would love to have you here. Will give you directions or look me up on maps.


37 posted on 12/23/2013 1:31:18 PM PST by no-to-illegals (Scrutinize our government and Secure the Blessing of Freedom and Justice)

To: Lazamataz

oh and if you get lost ... I hope you still have my number. If not just email me again for the number.


38 posted on 12/23/2013 1:37:26 PM PST by no-to-illegals (Scrutinize our government and Secure the Blessing of Freedom and Justice)

To: no-to-illegals

I am committed to the mission of the group I am affiliated with, and it is one of the VERY few Federal Agencies that actually commands respect and has an honorable mission. It has a 75% positive rating as lately as October of 2013. There is a reason for that: They stick to the SCIENCE and (mostly) avoid the politics. If that changes, I leave.

I wouldn’t work in most of the government. This one is damned honorable. I’ll send you private freepmail on which one it is and why I respect them.


39 posted on 12/23/2013 2:38:16 PM PST by Lazamataz (Early 2009 to 7/21/2013 - RIP my little girl Cathy. You were the best cat ever. You will be missed.)

To: Cincinatus' Wife
I believe the term is accessory before the fact...
40 posted on 12/23/2013 2:51:09 PM PST by Chode (Stand UP and Be Counted, or line up and be numbered - *DTOM* -vvv- NO Pity for the LAZY - 86-44)

To: LucyT

Like I’ve said since healthcare.gov was launched, I wouldn’t touch that website with YOUR browser.


41 posted on 12/23/2013 4:24:45 PM PST by Windflier (To anger a conservative, tell him a lie. To anger a liberal, tell him the truth.)

To: Lazamataz

You have mail and I could not agree more.


42 posted on 12/23/2013 4:34:34 PM PST by no-to-illegals (Scrutinize our government and Secure the Blessing of Freedom and Justice)
