Just How Vulnerable Is Healthcare.gov? SMU Prof Testifies On Cybersecurity | KERA News

Just How Vulnerable Is Healthcare.gov? SMU Prof Testifies On Cybersecurity

Nov 19, 2013

So who’s on healthcare.gov? Turns out it’s not just people searching for health care. The site is also attracting hackers — a Department of Homeland Security official told lawmakers there’s been “a handful” of attempts so far. National cyber security expert Fred Chang, who’s now a professor at SMU in Dallas, has been called to examine concerns about lack of privacy of users of the website.

Cyber security expert Fred Chang warned the congressional committee not to underestimate the motivation, and creativity of today’s cyber adversaries.

“They will find seams in the system, he said. “They will change the rules, they will attack you in ways you won’t expect. And importantly they will be patient.”

Considering the volume of sensitive data associated with healthcare.gov, Chang outlined several security threats for healthcare.gov.

Risk: Bogus Websites

“Because there is not one single websites for people to use there will be confusion and adversaries will take advantage of this confusion.”

Chang points out there are hundreds of fake websites made to look like the federal, or state health marketplaces. Just last week authorities in California took ten such sites down last week.

Risk: Complexity Of Website

Another concern for Chang is the risk associated with complexity of healthcare.gov.

“Complexity is the enemy of security. As we ask for more and more functionality and capability from our software applications, the technologists and software developers are only happy to oblige,” Chang says.

“The result is more complexity including more defects and seams and the attackers will try to exploit these.”

Concerns Overstated?

There have already been more than 40 hearings in the House on the Affordable Care Act, and several members of congress expressed their concern that this was merely another attempt to derail the President’s signature health care legislation.

California congressman Mark Takano admitted the federal rollout has been complicated, and that we must ensure American’s personal information is secure, but insisted “The law is about more than the website, it is about peace of mind for millions of Americans who need and deserve affordable coverage.”

For the six million uninsured in Texas, the search for affordable health care – and personal data security – goes on.

Watch the full hearing at the House Committee on Science, Space and Technology.