In early 2014, as ethical hackers from Health and Human Services searched for the security weaknesses of HealthCare.gov, they discovered “a critical vulnerability” but also gave the OK for some of the health insurance site’s security features.
As reported by Federal News Radio:
“Those are among the conclusions of a report being released Tuesday by the Health and Human Services Department inspector general, who focuses on health care fraud.
The report amounts to a mixed review for the federal website that serves as the portal to taxpayer-subsidized health plans for millions of Americans. Open enrollment season starts Nov. 15.
The inspector general found that the administration ‘has taken actions to lower the security risks associated with HealthCare.gov systems and consumer (personal information).’
But the auditors said they ‘remain concerned’ about the use of encryption technology that is not certified to meet certain government standards. Encryption refers to the encoding of data traveling back and forth between consumers and HealthCare.gov to make it more secure.”
See the full HHS inspector general’s report here: http://oig.hhs.gov/oas/reports/region1/181430011.pdf