Wednesday, November 20, 2013

Healthcare.gov ‘may already have been compromised,’ security expert says

Healthcare.gov ‘may already have been compromised,’ security expert says

“And if I had to guess, based on what I can see … I would say the website is either hacked already or will be soon.”

Kennedy told FoxNews.com he based this on an analysis revealing a large number of SQL injection attacks against the healthcare.gov website, which are indicative of “a large amount” of hacking attempts.

“Based on the exposures that I identified, and many that I haven’t published due to the criticality of exposures – if a hacker wanted access to the site or sensitive information – they could get it,” he told FoxNews.com.

A spokesman for the Department of Health and Human Services, which runs the nation’s new healthcare website, did not immediately respond to a request to for more information.

One key problem facing Healthcare.gov is that security wasn’t built into the site from the very beginning, he said — an opinion shared by both Kennedy and Fred Chang, the distinguished chair in cyber security at Southern Methodist University.