If ObamaCare Lost Your Personal Data, Would You Even Know?
David Kennedy is a cybersecurity expert who runs a computer security firm called TrustedSec, LLC. He is in the news because of his expert testimony to Congressional committees on the security of healthcare.gov, the website to which people go to apply for ObamaCare health insurance if they are in a state with a federal health-insurance exchange.
Kennedy’s basic message is that there is no effective security of personal data that is submitted to healthcare.gov. He is a so-called “white-hat” hacker: Companies hire him to hack into their computers and then tell them how to fix the entry points he discovers. One can reasonably expect that he knows what he is talking about.
Some in the media resist his warnings. Media Matters, for example, insists that we are to believe the claims of the website’s own cybersecurity expert ― a government employee ― that everything is hunky-dory.
Between November 27 and December 15, the supermarket Target suffered a breach that allowed hackers access to online customers’ credit-card and shopping data. The company immediately announced the problem, and is taking steps to address the consequences. It has a specific website that explains what it is doing to respond to the breach and future threats.
As a private company, Target cannot afford to irritate its customers. The federal government faces no such constraint. Last December, the Government Accountability Office (GAO) published a report titled Agency Responses to Breaches of Personally Identifiable Information Need to Be More Consistent.
The report is an eye-opener. Between 2009 and 2012, the number of reported data breaches (affecting personally identifiable data) almost doubled from about eleven thousand to about twenty-two thousand.
The Center for Medicare & Medicaid Services (CMS), which now runs ObamaCare, was one of the agencies examined by the GAO. CMS did not assess the likely risk of harm and level of impact of a suspected data breach in order to determine whether notification to affected individuals is needed. Further, according to GAO, “CMS did not document a risk level for 56 of the 58 incidents we reviewed” during the period.
That is: CMS did not bother to even assess the risk of exposing personally identifiable data for 97 percent of security breaches it experienced. And it does not (cannot) notify possibly affected individuals.
And the period examined finished almost two years before healthcare.gov opened for business. Last October, CMS began enrolling people at healthcare.gov. Millions have already surrendered personal data to the website.
How many have had their personal data compromised? We don’t even know when they will know.
A perfect example of how what you don’t know can hurt you.
If it’s not safe for Congress, why is it safe for us?
shhh don’t let them know you’re onto them
“As a private company, Target cannot afford to irritate its customers. The federal government faces no such constraint.”
Fantastic. This is what we get with non-elected officials. All the agencies sitting alongside the King
The belief that elected officials should appoint people because they were elected themselves is ludicrous.
So much hatred for the supreme court
Especially by me
“The report is an eye-opener. Between 2009 and 2012, the number of reported data breaches (affecting personally identifiable data) almost doubled from about eleven thousand to about twenty-two thousand.”
Well of course, the number of hackers has gone up since the media decides to publicize their actions so much.
It’s become quite a well-known field now, especially since anyone with a computer can access programs to be a hacker.
4chan is the new it place if you want to become a hacker
“CMS did not assess the likely risk of harm and level of impact of a suspected data breach in order to determine whether notification to affected individuals is needed.”
It seems the CMS is not a big fan of criticism.
Judging from their lack of testing that’s a definite yes.
Maybe if they ignore it long enough it will go away
“Media Matters, for example, insists that we are to believe the claims of the website’s own cybersecurity expert ― a government employee ― that everything is hunky-dory.”
How about not?
“Trust us, we’re the government!” yeahhh….about that…