It’s what no one wants to hear. Some are saying, “I told you so”, while others are wondering why they ever believed the new healthcare.gov site could be protected. Either way, news broke last week that a hacker has indeed penetrated part of the insurance enrollment website and uploaded malicious software. This, according to federal officials, has been going on since at least July. So what does the healthcare site hit with malicious software look like?
No Personal Data?
Despite admitting to malicious software being planted, federal investigators insist there is no evidence that consumers’ personal data was taken in the breach. It seems they only “accessed” a server used for testing the site. The Department of Health and Human Services discovered the attack last week.
“Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted,” the Department of Health and Human Services said in a written statement. “We have taken measures to further strengthen security.”
Many of our clients have wondered if their information is safe. Our investigation has shown that those receiving Medicaid and/or Medicare have nothing to worry about. These servers had nothing to do with anything related to these government programs. It does, however, serve as a reminder that despite promises made – even by the president of the United States – we shouldn’t underestimate the determination of criminals who are on a mission to cause harm.
It should also serve as a reminder that the new healthcare laws are still very controversial. A recent comment made by a spokesperson for the Obama Administration said:
“A test server was uploaded with “denial of service” malware (a DDOS attack) in order to overload the server with traffic – a practice so common that it’s attempted 28 different times every hour. The healthcare.gov site itself was unharmed.”
Healthcare Site & Others – Practice Caution
That’s true, but these kinds of attacks, despite how common they are, are a danger; partly because no one knows how to stop them. It’s important to take precautions anytime we’re online, especially when it comes to sensitive information.
Avoid storing passwords online. Keep your passwords “computer free” by writing them down and then storing them somewhere that’s safe. Your estate planning attorney can help ensure your list is complete and can file it with your other estate planning documents.
Along with recent data thefts from bank J.P. Morgan Chase & Co., retailer Home Depot Inc. and the countless celebrities’ iPhones, the HealthCare.gov hack is just one bit of proof that despite an organization’s size, no one has mastered the security of the troves of data they collect from consumers.
Ten years ago, few doubted the possibility of our health profiles ever being maintained solely online. The federal government dismissed concerns of massive identity theft efforts, with many insisting security breaches in health care was something that technological minds would prevent. While the health care sector was slower to transition, hackers have most certainly not only caught up, but they now far surpass those looking to breach the global financial sector, and with it, our medical records, identities and anything else they see as valuable.