Obamacare website too vulnerable, say security experts

20 November 2013
By Tereza Pultarova
Mobile version
Share |
Some experts have said the Obamacare website would better be shut down due to security glitches

Some experts have said the Obamacare website would better be shut down due to security glitches

Obamacare website puts sensitive data of users at risk, experts have said said, recommending it to be shut down until the problems are addressed.

Speaking in front of the US congress on Tuesday, some of the questioned experts said the site needed to be completely rebuilt to run more efficiently, making it easier to protect.

With its 500 million lines of code – 25 times the size of Facebook – the HealthCare.gov website is extremely vulnerable, the experts believe.

"When your code base is that large it's going to be indefensible," Morgan Wright, CEO of a firm known as Crowd Sourced Investigations, said in a Republican-led questioning.

David Kennedy, head of computer security consulting firm TrustedSec LLC and a former US Marine Corps cyber analyst said in a written testimony some of the major security glitches of the HealthCare.gov would require at least seven to 12 months to be fixed and suggested the site would better be shut down until the problems are solved.

Earlier this month, experts revealed the site lets people know invalid user names when logging in, allowing hackers to identify user IDs.

Avi Rubin, director of the Information Security Institute at Johns Hopkins University and an expert on health and medical security, said he needed more data before calling for a shutdown of the site.

"Bringing down the site is a very drastic response," he told Reuters after the hearing. However, he admitted, he would not use the site himself because of security concerns.

It has also been revealed during the hearing that the part of the HealthCare.gov system securing financial operations is by far not ready and won’t be until at least mid-January.

According to Henry Chao, HealthCare.gov’s project manager, the unfinished technology makes up 40 per cent of the whole system.

According to insider sources, work on the back-end technology was postponed by the managers in order to allow developers to fully concentrate on the user interface prior to the website’s launch.

Julie Bataille, the spokeswoman for Centers for Medicare & Medicaid Services – a federal health agency operating the website, said the financial functions would not be needed until mid-January.

"The back-end financial management systems are something that we do not believe are essential until 2014 and we'll roll those out in those timeframes," she said.

However, the insurers will start sending the bills as soon as 1 January, claiming billions of dollars for subsidised coverage, which could possibly lead to a collapse of the fragile website.

Some experts have also suggested a program needed to confirm the identities, subsidy levels and coverage choices of individual plan enrolees would have to be in place in December, if coverage is to begin on time on 1 January.

Latest Issue

E&T cover image 1606

"Where would Frankenstein and his creative mind fit into today's workplace? Should we fear technological developments or embrace them?"

E&T jobs

  • Graduate Electrical Engineers

    AECOM
    • United Kingdom and Ireland
    • Competitive

    Due to the diverse nature of our business there are many different teams each with very different responsibilities.

    • Recruiter: AECOM

    Apply for this job

  • Network Innovation Engineer / Analyst - UK Power Sector

    Premium job

    Nortech Management Ltd
    • Birmingham, West Midlands or Pershore (Worcestershire)
    • £30,000 - £35,000 (depending on experience) + benefits

    Network Innovation Engineer / Analyst to join a team of talented technology enthusiasts who design and support the low carbon networks of the future.

    • Recruiter: Nortech Management Ltd

    Apply for this job

  • Electrical Engineer with Strong telecoms background

    Premium job

    Sure South Atlantic Ltd
    • Falkland Islands

    Sure South Atlantic Ltd currently has a unique engineering opportunity in their Falkland Islands office. Surrounded by the Atlantic Ocean, teeming ...

    • Recruiter: Sure South Atlantic Ltd

    Apply for this job

  • Cyber, Communication, Information and Data Scientist roles

    Premium job

    Dstl
    • Porton Down, Salisbury
    • Competitive salaries

    Information is everything. Use it to serve your country and help keep us safe.

    • Recruiter: Dstl

    Apply for this job

  • Production Engineer

    Premium job

    Compact Engineering
    • Thirsk / Leeds / Banbury / Colchester / Cambridge
    • Salary will be competitive and commensurate with experience, knowledge, aptitude and capability

    A Production Engineer with some knowledge and understanding of radiant energy transfer.

    • Recruiter: Compact Engineering

    Apply for this job

  • Electronics Engineer

    Premium job

    Nikon Metrology Europe
    • Tring, Hertfordshire

    Nikon Metrology is looking for an Electronics Engineer to join our Electronics Team based in Tring (UK).

    • Recruiter: Nikon Metrology Europe

    Apply for this job

  • Engineering Manager

    BAE Systems
    • Hampshire, England, Portsmouth
    • Competitive package

    Would you like to play a vital role in managing and implementing the correct governance in order to enable BAE Systems to provide assurance and integrity of supply chain data? We currently have a vacancy for an Engineering Manager - Product Integrity

    • Recruiter: BAE Systems

    Apply for this job

  • Engineering Project Manager - Electrical & Automation

    Nestle
    • York, North Yorkshire
    • c£45,000 + Car Allowance + Bonus + Excellent Benefits

    Nestlé Product Technology Centre in York currently has an excellent opportunity for an Engineering Project Manager

    • Recruiter: Nestle

    Apply for this job

  • Consultant Engineer - Test

    BAE Systems
    • Farnborough, Hampshire, England
    • Negotiable

    Consultant Engineer - Test Would you like to be a lead within an exciting team working on one of the UK's largest defence projects? We currently have a vacancy for a Consultant Engineer - Test at our site in Ash Vale. As a Consultant Engineer - Test, you

    • Recruiter: BAE Systems

    Apply for this job

  • ELECTRICAL PROJECT ENGINEER

    SSE
    • Reading, Berkshire
    • SALARY: £37,588 TO £55,669 + CAR (SSE8/9), DEPENDING ON SKILLS AND EXPERIENCE

    SSE are looking to recruit an Electrical Project Engineer into office in Reading

    • Recruiter: SSE

    Apply for this job

More jobs ▶

Subscribe

Choose the way you would like to access the latest news and developments in your field.

Subscribe to E&T