Monday, April 11, 2016

Exchange (In)Security Alert

We've long chronicled the terrible security hole that is the ObamaTax Marketplace (most recently here). But wait, it gets better worse:

"Federal investigators found significant cybersecurity weaknesses in the health insurance websites of California, Kentucky and Vermont that could enable hackers to get their hands on sensitive personal information about hundreds of thousands of people"

So it's not just the Federales with the gaping hole where their cybersecurity should be. It's also interesting [ed: and by "interesting" we mean "frightening"] that the Government Accountability Office actually found these flaws last Fall, but we're only learning of them now, some six months later.

But never fear, our intrepid ObamaTax CyberCop Task Force is on the job!

Or maybe not:

"[G]iven the number of weaknesses they discovered in just the three states studied, other state-run health insurance exchanges could be vulnerable, too"


Oh, how big a deal is this, you may be wondering?

Well, how about this:

"[O]ne state did not encrypt passwords ... One state did not properly use a filter to block hostile attempts to visit the website ... one state did not use the proper encryption on its servers, making it easier for hackers to get in"

These are all computer security 101 level things; heck, it's hard to even set up a new cell phone without all of these in place.

The good news is that newly elected Blue Grass State Governor Blevin is already hard at work dismantling his state's ill-conceived and poorly designed Exchange. Perhaps others will file suit. Of course, this will put even more pressure on the Fed's to clean up their act.

Nah, that's a sucker bet.
blog comments powered by Disqus