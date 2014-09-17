Sept 16 HealthCare.gov, President Barack Obama's
health insurance exchange, has security and privacy protection
vulnerabilities, a U.S. government watchdog reported on Tuesday,
nearly a year after the website's troubled rollout.
The General Accounting Office (GAO) said that despite steps
taken by the Centers for Medicare & Medicaid Services (CMS) for
security and privacy protection, weaknesses remain in the
processes used for managing information security and privacy.
The GAO also identified issues regarding the technical
implementation of IT security controls.
"Until these weaknesses are addressed, increased and
unnecessary risks remain of unauthorized access, disclosure, or
modification of the information collected and maintained by
Healthcare.gov...", the GAO said.
The report follows a security breach on the website in
August. An unknown computer hacker infiltrated the
HealthCare.gov website, apparently uploading malicious files.
"The president and his administration launched
HealthCare.gov knowing that the personal information of
Americans who bought insurance through the website was not
safe. Their personal information was not safe then, and it is
not safe now," Senator Lamar Alexander said in a statement.
The report says most of the issues could be attributed to
disagreements about security roles and responsibilities with the
various contractors, states and federal agencies that are part
of the HealthCare.gov system.
"Someone should be held accountable for this kind of gross
mismanagement, and security must be fixed immediately before a
major hacking attack does massive damage," Alexander said.
(Reporting By Krishna Chaithanya; Editing by Ken Wills)