HealthCare.gov's security checkup
The inspector general's hackers found that the government has taken some steps to make sure HealthCare.gov is safe, but it needs to do more. One particular weak spot is the site's encryption technology. Its current encryption doesn't even meet government standards.
In its formal response, the administration said it has taken other actions to resolve the encryption issue.
The hackers also found a security flaw labeled "critical" in the report that could let a hacker "take over the system and execute commands, or download and modify information." But, this is where HealthCare.gov's defenses stepped up. When the hackers tried to move on to the next step of the hack, the site's security blocked them.
There were two additional "critical" vulnerabilities related to databases that support HealthCare.gov in the report, but it didn't mention any further details about them.
Until the government fixes all of these errors, there's no guarantee your information is secure when using the site. In the event of a real HealthCare.gov hack, make sure you're protected.