During a US House of Representatives Science Committee hearing last week, cybersecurity researchers described that the Affordable Care Act’s healthcare website, HealthCare.gov, is still susceptible to security issues, which could put patients’ sensitive health information at risk.
David Kennedy, president and CEO of information security firm TrustedSec, LLC is one of the individuals who testified last Thursday. He previously testified on November19. In November, Kennedy identified 18 major security issues with HealthCare.gov without even hacking into the site. During last Thursday’s hearing, Kennedy stated said only half of the 18 issues had been remedied. He also testified that since he last testified, he has learned about additional security problems with the website. Without disclosing the specifics on these issues, Kennedy cited deficiencies regarding the disclosure of patient user profiles and the ability for individuals without proper credentials to access eligibility reports for patients. Michael Gregg and Waylon Krush, individuals from other security consulting firms, also testified during the hearing. Gregg agreed with Kennedy’s assessment of the risk for patient information to be accessed by unauthorized individuals. Krush, however, disagreed with Kennedy and Gregg and stated that he would put his personal information on the site.