Obamacare Site Hacked

[Mr.Bitty]

Not so safe after all...if they can hack the site, they can hack your personal information


Obamacare Site Hacked

http://personalliberty.com/obamacare-site-hacked/


Reports surfaced Thursday that a hacker was able to breach the federal healthcare website many Americans have trusted with personal information to upload malicious software in an effort to use the website to launch cyberattacks. Officials reportedly only learned about the July 8 hacking of the Healthcare.gov website last week.

Via MarketWatch:  http://www.marketwatch.com/story/hacker-breached-healthcaregov-insurance-site-2014-09-04-161031834?

    Investigators found no evidence that consumers’ personal data was taken in the breach, federal officials said. The hacker appears only to have accessed a server used to test code for HealthCare.gov. The Department of Health and Human Services discovered the attack last week.

    An HHS official said the attack appears to mark the first successful intrusion into the website, where millions of Americans bought insurance starting last year under the Affordable Care Act. It raised concerns among federal officials because of how easily the intruder gained access and how much damage could have occurred.

    “Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted,” the Department of Health and Human Services said in a written statement. “We have taken measures to further strengthen security.”

The breach of healthcare website, which has already been at the center of plenty of bad press, is likely to cause big problems for the Obama Administration ahead of the Nov. 15 kickoff for Obamacare open enrollment.

House Oversight and Government Reform Committee chairman Darrel Issa (R-Calif.) has called on Centers for Medicare and Medicaid Services Administrator Marilyn Tavenner to testify before Congress about the website’s security.

“For nearly a year, the administration has dismissed concerns about the security of HealthCare.gov, even as it obstructed congressional oversight of the issue,” he said in a statement. “The committee will continue to push for answers from the administration and Administrator Tavenner must testify on the subject of transparency, accountability, and information security alongside the Government Accountability Office at our September 18th hearing.”

[zolace]

After obama ripped into US companies that got hacked do you really believe the "officials" on his team would admit that any personal data had been breached? I don't, obama and team have lied far too many times for me to believe anything any of them say.

[noviapriani]

Hacked back on 8 July...and they only realize it a week ago?

Pathetic.

After all the warnings, anyone that submits personal info (DOB, SSN, Address, income..etc) on that for shit website, deserves what they get. Hacked.

[umair127]

Hacked back on 8 July...and they only realize it a week ago?

Pathetic.

After all the warnings, anyone that submits personal info (DOB, SSN, Address, income..etc) on that for shit website, deserves what they get. Hacked.

But you have to remember they are forced by law to sign up and give all their data regardless of how unsecure the site is. obama could have negotiated a delay in the rollout to avoid all the problems but he refused to negotiate, refused to compromise and demanded that Americans sign up and take the risk or be fined and punished by his law.

[sana8410]

The hysterical reaction here really shows that a lot of people have no idea about how things work in data security.  Hackers make inroads to servers every day - literally. The e is absolutely no such thing as a 100% secure computer. And within networks, there are multiple levels of security. Forward facing servers - the ones you actually connect to when you go to a web site - are placed in what's called a DMZ.  Servers in there are known to be vulnerable to attack - they are less protected by security than other servers that actually contain sensitive data.  The main servers that house sensitive data are deeper in the network, with no direct access from the internet.  And you really can't access their data "through" a DMZ web server. That's not how it works. a Hacker would have to actually take control of the web server to use it's connection to the inside to communicate with the more secure servers. And even then, they'd have to hack the security in THOSE links as well, and somehow bypass the Intruder Detection Systems to access sensitive data. This did not happen. What happened here is that the system worked - a hacker found a vulnerability (and there will ALWAYS be vulnerabilities) in a forward facing web server. The hack was discovered two weeks ago - and it went no further than the web server itself.  The hack was discovered, and it was dealt with. That's how data security works. We hack our own systems - both in test labs and in the wild, always searching for new vulnerabilities. And they always exist on some level. Data security is not about being totally unbreachable, it's about a balance between that and reaction time to breaches. In this case, a hacker got some malicious code onto a web server. The hack was discovered, no data was at risk and the breach was mitigated. The system worked.

[itsAj]

Hacked back on 8 July...and they only realize it a week ago?

Pathetic.

After all the warnings, anyone that submits personal info (DOB, SSN, Address, income..etc) on that for shit website, deserves what they get. Hacked.

But you have to remember they are forced by law to sign up and give all their data regardless of how unsecure the site is. obama could have negotiated a delay in the rollout to avoid all the problems but he refused to negotiate, refused to compromise and demanded that Americans sign up and take the risk or be fined and punished by his law.

This is constant with how Obama operates. He always will refuse to compromise and will only have it his way. As a result nothing will ever get done and he will make law (unconstitutionally) via executive orders.

[Spendulus]

The hysterical reaction here really shows that a lot of people have no idea about how things work in data security.  Hackers make inroads to servers every day - literally. The e is absolutely no such thing as a 100% secure computer. And within networks, there are multiple levels of security. Forward facing servers - the ones you actually connect to when you go to a web site - are placed in what's called a DMZ.  Servers in there are known to be vulnerable to attack - they are less protected by security than other servers that actually contain sensitive data.  The main servers that house sensitive data are deeper in the network, with no direct access from the internet.  And you really can't access their data "through" a DMZ web server. That's not how it works. a Hacker would have to actually take control of the web server to use it's connection to the inside to communicate with the more secure servers. And even then, they'd have to hack the security in THOSE links as well, and somehow bypass the Intruder Detection Systems to access sensitive data. This did not happen. What happened here is that the system worked - a hacker found a vulnerability (and there will ALWAYS be vulnerabilities) in a forward facing web server. The hack was discovered two weeks ago - and it went no further than the web server itself.  The hack was discovered, and it was dealt with. That's how data security works. We hack our own systems - both in test labs and in the wild, always searching for new vulnerabilities. And they always exist on some level. Data security is not about being totally unbreachable, it's about a balance between that and reaction time to breaches. In this case, a hacker got some malicious code onto a web server. The hack was discovered, no data was at risk and the breach was mitigated. The system worked.

Because this is a very logical exposition of the way that data security should work, I know that's not how it happened in this case.

Because its government.

Becuase it's obamacare.

[FortuneJack]

any personal info stolen?

[DubFX]

any personal info stolen?

You can not know that and i doubt that even if that happend, US goverment would admit it. They would just try sweppting it under the carpet and pretend that nothing actually happend.

[koshgel]

The hysterical reaction here really shows that a lot of people have no idea about how things work in data security.  Hackers make inroads to servers every day - literally. The e is absolutely no such thing as a 100% secure computer. And within networks, there are multiple levels of security. Forward facing servers - the ones you actually connect to when you go to a web site - are placed in what's called a DMZ.  Servers in there are known to be vulnerable to attack - they are less protected by security than other servers that actually contain sensitive data.  The main servers that house sensitive data are deeper in the network, with no direct access from the internet.  And you really can't access their data "through" a DMZ web server. That's not how it works. a Hacker would have to actually take control of the web server to use it's connection to the inside to communicate with the more secure servers. And even then, they'd have to hack the security in THOSE links as well, and somehow bypass the Intruder Detection Systems to access sensitive data. This did not happen. What happened here is that the system worked - a hacker found a vulnerability (and there will ALWAYS be vulnerabilities) in a forward facing web server. The hack was discovered two weeks ago - and it went no further than the web server itself.  The hack was discovered, and it was dealt with. That's how data security works. We hack our own systems - both in test labs and in the wild, always searching for new vulnerabilities. And they always exist on some level. Data security is not about being totally unbreachable, it's about a balance between that and reaction time to breaches. In this case, a hacker got some malicious code onto a web server. The hack was discovered, no data was at risk and the breach was mitigated. The system worked.

But but but this is another opportunity to attack Obama? I wanted to jump on the bandwagon

People would rather hate than know the facts

[TimeWatch]

Nothing is bulletproof in this world.One will find a way in no matter how safe a platform would be .This applies to bitcoin as well.Anything is hackeable

[FortuneJack]

Nothing is bulletproof in this world.One will find a way in no matter how safe a platform would be .This applies to bitcoin as well.Anything is hackeable

That's right, even the Pentagon

[DrG]

Did the hackers manage to find any misplaced emails?  I hear several agencies are having a real hard time retaining their data, maybe the hackers could help the government with backups