Security a sorry site on HealthCare.gov
December 3, 2013 – It doesn’t matter how healthy you are, everyone signing up for ObamaCare is in a high-risk pool when it comes to online security. While the White House boasts that HealthCare.gov is more functional than ever, internet experts beg to differ. For those applicants lucky enough to make it past the exchange’s home page (and that still isn’t many), “proceed at your own risk” seems to be the motto from most insiders — including HHS’s own.
The website’s data protections are so lax that administration officials worry about “high exposures” of personal information. Everything from medical histories to payment details could be leaked into the public domain, a sign of monumental problems lurking beneath the site’s band-aided façade. David Kennedy, a hacker trained to test websites, testified on the Hill about the huge cracks in HealthCare.gov. The bottom line? User beware.
“When you develop a website, you develop it with security in mind,” Kennedy told House members. “And it doesn’t appear to have happened this time.” Plus, he pointed out, “It’s really hard to go back and fix the security around it because security wasn’t built into it.” Some specialists think the problems are severe enough to scrap the site and start over. Right now, says Kennedy, “We’re talking multiple months to over a year to address some of the critical-to-high exposures on the website itself.”
That doesn’t seem to faze the President, who is sticking by his December 23 deadline for individual enrollment — knowing full well that Americans will have to compromise their personal safety to comply. Rep. Mike Rogers (R-Mich.) blasted the administration’s flippant attitude toward security and fumed that HealthCare.gov “does not even meet the minimal standards of the private sector.” On NBC’s “Meet the Press,” Rogers reminded people that their personal information isn’t just on the exchange portal, but “all of the [federal government data] sites that the [HealthCare.gov] hub accesses would expose Americans’ personal information in a way that is breathtakingly bad.”
In an internal memo, HHS seemed well aware of the gamble consumers would be taking with their information. They were candid that the safeguards in the site hadn’t been well tested, admitting that it created “a high risk” for any enrollee. In the meantime, 80 million Americans are losing a different kind of security — the assurance that they have any health care at all. In a new American Enterprise Institute report, analysts expect mailboxes to be bursting with cancellation notices in 2014. “At least half” of the people covered by their employers’ health care plans will start losing their policies by the start of next year, their research found — with small businesses bearing the brunt.
For now, the President’s re-launch has been more like déjà glitch, as yesterday’s users found themselves right back where they started: in an online logjam riddled with more errors. And while Obama officials insist the site is “vastly improved,” they couldn’t have meant for insurance companies. More than a third of their customers are sorting through the headaches of the site’s failure to notify insurers, accidental cancellations, duplicate enrollments, inaccurate information, or confusion over federal subsidies.
But even having incorrect files may be better than having no records at all — a crisis currently facing thousands of enrollees. According to America’s Health Insurance Plans, “In some cases, plans are not getting the enrollment files at all.” That seems to be a complaint shared across the board, as HealthCare.gov struggles to communicate to insurance companies when a customer buys a policy through the exchange. One executive said they can’t know how many missing applications are out there, but “tens of thousands” of people could be in this situation. “People may show up on the doorstep of the doctor or hospital thinking they have coverage and they don’t.”
For now, there is an element of coverage most Americans would be happy to do without: the HHS mandate on abortifacient and contraception drugs. Yesterday, Rasmussen released a second pollconfirming FRC’s survey results from last week — which is that Americans reject the idea that businesses should have to provide “health care” they morally oppose. Fifty-one percent (to 38%) disapproved of the HHS’s mandate, and unlike FRC’s poll (which found 59% opposition), Rasmussen’s was focused exclusively on contraceptives. Without even mentioning the drugs that can “destroy a human embryo,” Americans — by double digits! — strongly resist the notion that companies like Hobby Lobby and Conestoga Wood should have to violate their convictions as a condition of offering employee health insurance.