August 7 2013

Newest Obamacare OOps: A Hacker's Dream

Patrice J. Lee

The dream of supposedly affordable health care is turning into a nightmare.

Earlier this week we reported that the administration is launching a heavy PR blitz to educate Americans on Obamacare in advance of major rollout deadlines this fall.

Now, we’re learning that testing data security –a critical piece of the legislation– is behind schedule potentially, placing the personal information of millions of Americans at risk.

The health exchanges, state-run public insurance markets, are set to open on October 1. But because of  missed deadlines, testing on the data hub, a system that manages access to the records of participants in the programs, will not be tested until the end of September. This means the system may go online with security flaws and be open to security breaches – a hackers dream!

With so much at stake, you might expect the Administration to delay the health exchange opening so that testing can occur, but that won’t happen, according to Deven McGraw, a technology expert tracking this issue:

"They've removed their margin for error. There is huge pressure to get (the exchanges) up and running on time, but if there is a security incident they are done. It would be a complete disaster from a PR viewpoint."

Just how far behind schedule are they on testing? According to an inspector general’s report released on Friday, Health and Human Services had set an early June deadline to test security elements and that has now been pushed to this week and next –two months behind schedule. The rippling impact of the testing means the system won’t be certified as secure until as late as a day before the big enrollment day for Obamacare.

Good luck to those who can’t wait to be first in line for free national healthcare. They may go home with more than just new benefits.

The information hub doesn’t store information itself, but acts as a portal connecting to the IRS and other agencies that allow verification of people’s information. So come October 1, if it is not verified as secure it should not be able to come online. That doesn’t mean enrollment will be halted or postponed but those who do apply for insurance will not be told if they have been accepted or whether they are eligible for government subsidies to pay their premiums.

Somehow, I’m not convinced that the hub will be delayed if it’s not verified. Under pressure to save face the president likely will want to meet the rollout deadline, especially since other major healthcare deadlines have been postponed. It’s unfortunate that the government doesn’t consider security as a high enough priority that it would delay enrollment. This demonstrates what happens when political agendas trump security and reveals yet another problem with implementing massive sweeping legislation: unintended consequences.

This is not the only time we’ve highlighted security issues around the collection of people’s personal information. Recently we raised other security issues after uncovering the lax standards state exchanges were using to recruit insurance agents –I mean enrollment counselors– to get people enrolled in Obamacare.

In California, enrollment counselors are being farmed from thousands of community organizations with little regard to their criminal background. Yes, let’s give a former thief access to the names, social security numbers, addresses, financial information and medical histories of applicants. Couple that with this new revelation that the electronic system housing all of this information may not even be secure, we’ve got serious grounds for concern.

Morally and constitutionally, Obamacare is wrong for America as it expands the role of government beyond what the majority of Americans want, but now it reveals its sinister practical implementations.

 

Comments
blog comments powered by Disqus