The federal government has issued an alarming privacy warning. Congress' Government Accountability Office (GAO) says that state-run health insurance websites have massive security holes, which hackers could use to access millions of people's health insurance information and, likely, Social Security numbers and other sensitive information.
The GAO, which hinted at some of these security holes last month, has now revealed that it studied three states out of a dozen that run health insurance websites. All three tested states (California, Kentucky, and Vermont) had serious security flaws, many of which have not yet been fixed. The government has not studied the other state's health insurance exchanges, but it's likely these security holes are present on those systems too.
"Regulators said that given the number of weaknesses they discovered in just the three states studied, other state-run health insurance exchanges could be vulnerable," according to the Associated Press. "The GAO recommended the federal government continually monitor cybersecurity at such sites."
The security holes discovered include:
- unencrypted passwords that hackers can easily get past to access your personal information;
- unsecured websites that don't prevent hostile attacks; and
- unencrypted computer servers where hackers could access your private information.
These security blunders come on top of news that the Web portal for President Obama's Affordable Care Act, HealthCare.gov, has been attacked by hackers at least 316 times.
There is good news here. So far, there have been no reported hacks of any state-run health insurance exchange.
Note: We strongly urge you to sign up for an identity protection service.