The HealthCare.gov website has a notorious history already. The site's launch last fall was marred by crashes, and it took months before the service was easy to access for most users. Now, it might have hit another hiccup, because government hackers found a few critical vulnerabilities in the site that could allow criminals to break in and steal important information like Social Security numbers.
The "white hat" hackers are good guys working for the Department of Health and Human Services' inspector general. The Department has since released a report detailing its findings. The government is lucky they found the problem before the bad guy hackers did. Otherwise, we could be facing an even worse situation right now.
Earlier this year, the government's hacking team mimicked techniques other hackers would use to see if HealthCare.gov was vulnerable to attack.
"Scanners simulate an outside malicious attack on the system and may identify ... vulnerabilities that could put a system's security at risk," the report explained. "Scanners use the same techniques as hackers, so the scanners test the security from an outside perspective."
HealthCare.gov runs the healthcare exchange for 36 states, with the other 14 states operating their own. The inspector general also tested New Mexico and Kentucky's sites, with mixed results. The Kentucky site had some weaknesses but it did a good overall job protecting information. The New Mexico site, on the other hand, had 64 vulnerabilities.
What they found on HealthCare.gov poses some serious questions about the security of the site. It wasn't all bad, though. The report also states HealthCare.gov's security features did a few things right, too.