HealthCare.gov could be vulnerable to cyber attacks.
Officials at the U.S. Department of Health and Human Services Office of Inspector General (HHS OIG) have delivered that verdict in a new report on tests of the U.S. Department of Health and Human Services (HHS) exchange systems, and of state-based systems in Kentucky and New Mexico. HHS OIG is an agency that’s supposed to keep tabs on HHS.
The agency checked HealthCare.gov — the Patient Protection and Affordable Care Act (PPACA) enrollment system for the public exchanges run by HHS – to see whether system managers are meeting federal security planning and risk assessment standards; how well the system managers respond to actual security incidents, and how a system stands up to automated vulnerability testing.
The agency also conducted penetration testing — efforts to get access to system resources without knowing user names or passwords. Also, the agency conducted similar reviews of the Kentucky and New Mexico systems.