So, HealthCare.gov was hacked

posted at 9:21 pm on September 4, 2014 by Mary Katharine Ham

Well, who could have seen this coming? Thankfully, at this point, the reports say there has been no release of personal information. I can’t say I’m terribly heartened:

A hacker broke into part of the HealthCare.gov insurance enrollment website in July and uploaded malicious software, according to federal officials.

Investigators found no evidence that consumers’ personal data was taken in the breach, federal officials said. The hacker appears only to have accessed a server used to test code for HealthCare.gov. The Department of Health and Human Services discovered the attack last week.

An HHS official said the attack appears to mark the first successful intrusion into the website, where millions of Americans bought insurance starting last year under the Affordable Care Act. It raised concerns among federal officials because of how easily the intruder gained access and how much damage could have occurred.

“Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted,” the Department of Health and Human Services said in a written statement. “We have taken measures to further strengthen security.”

Good news: Open enrollment begins again Nov. 15.

Well, I guess this guy saw this coming, along with anyone who was willing to recognize how shoddy this production schedule was from Day One:

Hacking expert David Kennedy told Fox’s Chris Wallace that he determined he could gain access to 70,000 personal records of Obamacare enrollees via HealthCare.gov within about 4 minutes — and it required nothing more than a standard browser, the Daily Caller reported.

“And 70,000 was just one of the numbers that I was able to go up to and I stopped after that,” he said. “You know, I’m sure it’s hundreds of thousands, if not more, and it was done within about a 4 minute timeframe. So, it’s just wide open.”

“You can literally just open up your browser, go to this, and extract all this information without actually having to hack the website itself,” he said…

“What we learned was that they had rushed through what we call the software development life cycle where they actually build the application,” he said on Fox.

Update: Via Guy Benson, the very depressing “Eight New Pieces of Bad ObamaCare News”


Related Posts:

Breaking on Hot Air

Blowback

Note from Hot Air management: This section is for comments from Hot Air's community of registered readers. Please don't assume that Hot Air management agrees with or otherwise endorses any particular comment just because we let it stand. A reminder: Anyone who fails to comply with our terms of use may lose their posting privilege.

Trackbacks/Pings

Trackback URL

Comments

“Were there any nudes of Channing Tatum and/or Tatum Channing?”

“No?”

“Then why should anybody care!?”

~media

Jedditelol on September 4, 2014 at 9:24 PM

I’m told they based it on a GOP internet security plan from the 90s. The one written by heritage enacted by your last presidential nominee at the state level and championed by Newt Gingrich. This security breach is obviously the conservatives’ fault.
 
Why do you (R)s think you can duck responsibility for it when your fingerprints are everywhere on it?

rogerb on September 4, 2014 at 9:27 PM

Is it wrong to feel just a little vindicated by this news? Seriously, is it wrong?

Because I gotta say, I’m feeling just a little bit vindicated right now, and as a Catholic, I need to know if I should feel guilty…

JohnGalt23 on September 4, 2014 at 9:28 PM

It was hacked multiple times. I recall that the hacker(s)–or most likely bots–set up an eCommerce store for perfume and sports shirts.

Investigators found no evidence that consumers’ personal data was taken in the breach, federal officials said.

A good enough sniffer code could easily hide from those incompetent technicians.

DevilishSoda on September 4, 2014 at 9:28 PM

Really comforting…I’m not signed up thank goodness…

sorrowen on September 4, 2014 at 9:31 PM

I’m safe… not signed up (ever!!)…

Khun Joe on September 4, 2014 at 9:33 PM

An HHS official said the attack appears to mark the first successful intrusion into the website

Let me translate for him…first acknowledged successful intrusion. There have been many others, that they don’t know about and/or aren’t talking about. As the hacker guy said, it’s wide open.

Doc Holliday on September 4, 2014 at 9:33 PM

How many times? The Russians, Chinese, Norks, and God knows whom else is constantly hacking our infrastructure. Why not the Obamacare website too? How often did we hear folks testify in front of Congress about the lack of security on the system?

307wolverine on September 4, 2014 at 9:34 PM

BTW, does anyone know what kind of special long-lasting hard drives they’re using?

rogerb on September 4, 2014 at 9:35 PM

OT:

NYT Article:

New Book Says C.I.A. Official in Benghazi Held Up Rescue

CAIRO — Five commandos guarding the C.I.A. base in Benghazi, Libya, in September 2012 say that the C.I.A. station chief stopped them from interceding in time to save the lives of Ambassador J. Christopher Stevens and an American technician during the attack on the diplomatic mission there.

In a new book scheduled for release next week and obtained by The New York Times, the commandos say they protested repeatedly as the station chief ordered them to wait in their vehicles, fully armed, for 20 minutes while the attack on the diplomatic mission was unfolding less than a mile away.

“If you guys do not get here, we are going to die!” a diplomatic security agent then shouted to them over the radio, the commandos say in the book, and they left the base in defiance of the chief’s continuing order to “stand down.”

kcewa on September 4, 2014 at 9:36 PM

So, HealthCare.gov was hacked

No way. Maybe if we had spent just a little more on the system it would have been jack proof.

arnold ziffel on September 4, 2014 at 9:37 PM

I’m told they based it on a GOP internet security plan from the 90s. The one written by heritage enacted by your last presidential nominee at the state level and championed by Newt Gingrich. This security breach is obviously the conservatives’ fault.

Why do you (R)s think you can duck responsibility for it when your fingerprints are everywhere on it?

rogerb on September 4, 2014 at 9:27 PM

What kind of gibberish is this? What does one have to do with the other (assuming the GOP part is true)?

307wolverine on September 4, 2014 at 9:37 PM

Because I gotta say, I’m feeling just a little bit vindicated right now, and as a Catholic, I need to know if I should feel guilty…

JohnGalt23 on September 4, 2014 at 9:28 PM

It’s always safer to feel at least a little guilty.

Though you’re right to feel vindicated.

kcewa on September 4, 2014 at 9:38 PM

Forgot the link

OT:

NYT Article:

New Book Says C.I.A. Official in Benghazi Held Up Rescue

kcewa on September 4, 2014 at 9:39 PM

The fact that government controls it means it will always be permanently hacked …

ShainS on September 4, 2014 at 9:43 PM

Wait, a poorly designed and implemented widely known website was hacked? Who could have foreseen this? Except those of us who thought a man with no executive experience shouldn’t be president.

rbj on September 4, 2014 at 9:47 PM

I’m told they based it on a GOP internet security plan from the 90s. The one written by heritage enacted by your last presidential nominee at the state level and championed by Newt Gingrich. This security breach is obviously the conservatives’ fault.

Why do you (R)s think you can duck responsibility for it when your fingerprints are everywhere on it?

rogerb on September 4, 2014 at 9:27 PM

Hey rogered… you evidently know so little about IT matters that it would be easier for me to tell you what you got right.

Your screen name. That’s it.

Walter L. Newton on September 4, 2014 at 9:50 PM

Walter L. Newton on September 4, 2014 at 9:50 PM

307wolverine on September 4, 2014 at 9:37 PM

Pretty sure roger was making the comparison based on how Romney / Heritage Center came up with the original base idea for healthcare law.

He left off his / on purpose.

Mark Boabaca on September 4, 2014 at 9:53 PM

New Book Says C.I.A. Official in Benghazi Held Up Rescue

CAIRO — Five commandos guarding the C.I.A. base in Benghazi, Libya, in September 2012 say that the C.I.A. station chief stopped them from interceding in time to save the lives of Ambassador J. Christopher Stevens and an American technician during the attack on the diplomatic mission there.

In a new book scheduled for release next week and obtained by The New York Times, the commandos say they protested repeatedly as the station chief ordered them to wait in their vehicles, fully armed, for 20 minutes while the attack on the diplomatic mission was unfolding less than a mile away.

“If you guys do not get here, we are going to die!” a diplomatic security agent then shouted to them over the radio, the commandos say in the book, and they left the base in defiance of the chief’s continuing order to “stand down.”

kcewa on September 4, 2014 at 9:36 PM

Bret Baier is doing a special on these guys tomorrow night at 10PM.

CoffeeLover on September 4, 2014 at 9:53 PM

I’m told they based it on a GOP internet security plan from the 90s. The one written by heritage enacted by your last presidential nominee at the state level and championed by Newt Gingrich. This security breach is obviously the conservatives’ fault.

Why do you (R)s think you can duck responsibility for it when your fingerprints are everywhere on it?

rogerb on September 4, 2014 at 9:27 PM

What kind of gibberish is this? What does one have to do with the other (assuming the GOP part is true)?

307wolverine on September 4, 2014 at 9:37 PM

rogerb was mocking this comment by the troll Tlaloc from the 38% DogEater approval rating thread earlier today …

ShainS on September 4, 2014 at 9:54 PM

What’s the problem?

After all, massive identity theft is merely the logical next step in the left’s crusade to make us all “equal.”

/

RedPepper on September 4, 2014 at 9:56 PM

rogerb on September 4, 2014 at 9:27 PM

Happy now? You hooked two :-)

307wolverine on September 4, 2014 at 9:37 PM

Walter L. Newton on September 4, 2014 at 9:50 PM

Oldnuke on September 4, 2014 at 9:57 PM

rogerb, you just got called out by Huey Newton here!

Judge_Dredd on September 4, 2014 at 9:57 PM

I’m safe… not signed up (ever!!)…

Khun Joe on September 4, 2014 at 9:33 PM

Wait until the employer mandate kicks in (whenever King Putt decides) and you lose your health insurance.

Open enrollment starts November 15? How convenient–two weeks AFTER the election!!! If the Democrats hold the Senate, Hussein the First will order the mandate, and

Nya, nya, nya, nya, nya, you lost your insurance!

Steve Z on September 4, 2014 at 9:59 PM

rogerb was mocking this comment by the troll Tlaloc from the 38% DogEater approval rating thread earlier today …

ShainS on September 4, 2014 at 9:54 PM

I see. Thank you. I have long learned that liberal stupidity knows no limits.

307wolverine on September 4, 2014 at 10:01 PM

rogerb, you just got called out by Huey Newton here!

Judge_Dredd on September 4, 2014 at 9:57 PM

Whatever yanks his crank.

Walter L. Newton on September 4, 2014 at 10:03 PM

Investigators found no evidence that consumers’ personal data was taken in the breach,

Do they have any investigators competent enough to determine this?

Lance Corvette on September 4, 2014 at 10:10 PM

Holder will be right on this breach….

Trust me…

Electrongod on September 4, 2014 at 10:11 PM

Holder will be right on this breach….

Trust me…

Electrongod on September 4, 2014 at 10:11 PM

Tamara? Because you’d have a better chance with Tamara.

Judge_Dredd on September 4, 2014 at 10:14 PM

” Investigators found no evidence that consumers?” Translation: we looked in a few areas and “found” no evidence, but that doesn’t mean there is none.

NewyoricanInTheSouth on September 4, 2014 at 10:26 PM

. . . . . Investigators found no evidence that consumers’ personal data was taken in the breach, federal officials said. The hacker appears only to have accessed a server used to test code for HealthCare.gov. The Department of Health and Human Services discovered the attack last week.

Danny Yadron @online.wsj.com on September 4, 2014 at 7:36 PM

.
I’m not saying the “federal officials” are wrong, or lying . . . . . I’m just asking anyone here with sufficient IT prowess to explain, how they can know that, for sure ?

listens2glenn on September 4, 2014 at 10:30 PM

So, HealthCare.gov was hacked

How can you tell?

And is it really “hacking” when they just used the superuser ID “PrezBarry” and password “the1″?

malclave on September 4, 2014 at 10:36 PM

How it will actually be reported:

“Access to Healthcare.gov has improved dramatically”

Wino on September 4, 2014 at 10:53 PM

Best and the brightest. Smart Power. Don’t do stupid. Anything but Bush and Cheney. Get us out of Iraq.

My God. The only thing between you and the terrorists is Joe Biden.

Think about that.

HopeHeFails on September 4, 2014 at 10:55 PM

BTW, does anyone know what kind of special long-lasting hard drives they’re using?

rogerb on September 4, 2014 at 9:35 PM

I think they’re using RAM drives in case they get subpoenaed.

malclave on September 4, 2014 at 10:55 PM

So, HealthCare.gov was hacked

Not sure who I’m supposed to trust more…Russian hackers or our own government?

I’m going with the Russkies at this point.

At any rate, the “wonks” and “techno weenies” whatever have been pushing this digital crap on us with religious fervor for decades (with not a little help from those making money selling devices and software). It’s a platform for people with normal intelligence to shine where they wouldn’t have fifty years ago.

This technology has some great things going for it, but it obviously has negatives. But we’re being told (in so many words) just to ignore the security flaws as that’s simply the price we pay for being modern, uber-advanced sentient organisms.

Dr. ZhivBlago on September 4, 2014 at 11:26 PM

The fact that government controls it means it will always be permanently hacked …

By the dead and the pets who are voting?

DevilishSoda on September 5, 2014 at 12:06 AM

Are automated systems actually more secure and reliable than paper forms processing?

Second look at paper forms filled out in triplicate?

ajacksonian on September 5, 2014 at 7:12 AM

I’m told they based it on a GOP internet security plan from the 90s. The one written by heritage enacted by your last presidential nominee at the state level and championed by Newt Gingrich. This security breach is obviously the conservatives’ fault.
 
Why do you (R)s think you can duck responsibility for it when your fingerprints are everywhere on it?
 
rogerb on September 4, 2014 at 9:27 PM

 
Hey rogered… you evidently know so little about IT matters that it would be easier for me to tell you what you got right.
 
Your screen name. That’s it.
 
Walter L. Newton on September 4, 2014 at 9:50 PM

 
rogerb, you just got called out by Huey Newton here!
 
Judge_Dredd on September 4, 2014 at 9:57 PM

 
Whatever yanks his crank.
 
Walter L. Newton on September 4, 2014 at 10:03 PM

 
Walter, as a gesture of goodwill for us unfortunately getting off on such a wrong foot regarding the cheater/scroll button running joke the other day, I apologize for whatever role I may have played in you not getting the reference and anything I may have done to make you feel compelled to comment on someone else’s intelligence.

rogerb on September 5, 2014 at 7:25 AM

HealthCare.gov was hacked

…DUH!

easyt65 on September 5, 2014 at 7:51 AM

Somehow, even with my caffeine deprived and muddled brain, (that was still on my first cup of coffee) I thought Roberb was just being sarcastic.

Tinker on September 5, 2014 at 7:56 AM

An HHS official said the attack appears to mark the first successful intrusion into the website, where millions of Americans bought insurance starting last year under the Affordable Care Act. It raised concerns among federal officials because of how easily the intruder gained access and how much damage could have occurred.

First !?! We have been hearing about dozens of ventures into the healthcare.gov website since the day it when online.

The reports of those who surveyed the site indicated last October that the security was pathetic.

J_Crater on September 5, 2014 at 8:20 AM

The fact that Obamacare enrollees were hacked bothers me very little.

hillsoftx on September 5, 2014 at 8:24 AM

“Considering this administration launched HealthCare.gov over the objections of CMS, it’s unsurprising that the website has suffered a ‘malicious attack,’” Issa said in a statement. “For nearly a year, the administration has dismissed concerns about the security of HealthCare.gov, even as it obstructed congressional oversight of the issue.”

J_Crater on September 5, 2014 at 8:32 AM

I’m told they based it on a GOP internet security plan from the 90s. The one written by heritage enacted by your last presidential nominee at the state level and championed by Newt Gingrich. This security breach is obviously the conservatives’ fault.

Why do you (R)s think you can duck responsibility for it when your fingerprints are everywhere on it?

rogerb on September 4, 2014 at 9:27 PM

You either lack knowledge of Internet security, or you are a knee-jerk leftist who is willfully blind.

To this day, Healthcare.gov cannot even pass a rudimentary “valid HTML” test…much less pass the widely published PCI (Payment Card Industry) standards which EVERY OTHER WEB SITE WHICH ACCEPTS PAYMENT CARDS must pass. There are SCORES of documented cases where a casual examination of the Healthcare.gov exposed major, obvious, flaws and previously-published vulnerabilities: cases which indicate that the site design would probably get a D or an F if submitted as a Junior High School level project. No private enterprise could release such a web site for use: they would quickly be sued out of business and/or have all of their assets stolen.

Republicans had nothing to do with the security of Healthcare.gov: most of the problems can be directly traced to the totally ignorant and incompetent management installed AGAINST THE ADVICE OF MOST REPUBLICANS and most competent web professionals of every stripe by the current 100% Democrat regime which deliberately chose to ignore users’ security.

Then there is the $1 Billion dollar cost for the web site: a truly monumental example of incompetence and government waste.

landlines on September 6, 2014 at 12:32 PM