ADVERTISEMENT

Exclusive: Expert to Warn Congress of Healthcare.Gov Security Bugs

November 19, 2013

By Jim Finkle

BOSTON (Reuters) - A respected security expert will warn Congress on Tuesday that the Obama administration's healthcare website has security flaws that put user data at a "critical risk," despite recent government assurances the data is safe.

"There are actual live vulnerabilities on the site now," David Kennedy, head of computer security consulting firm TrustedSec LLC, told Reuters ahead of his testimony at a Congressional hearing on the topic "Is My Data on HealthCare.gov Secure?"

Kennedy, a former U.S. Marine Corps cyber-intelligence analyst, said his firm has prepared a 17-page report describing some of the problems. It does not go into specifics in some areas, he said, because that could provide criminals with a blueprint for launching attacks.

"There is a lot of stuff that we are not publicly disclosing because of the criticality of the findings," he said. "We don't want to hurt people."

Kennedy and other security experts have warned that vulnerabilities on the site pose risks to the security of user data since shortly after its October 1 launch.

At the end of last month, a September 27 government memorandum surfaced in which two U.S. Department of Health and Human Services officials said the security of the site had not been properly tested before its launch, creating "a high risk."

When the memo surfaced on October 30, government spokeswoman Joanne Peters said steps had been taken to ease security concerns since the memo was written, and that consumer data was secure.

"When consumers fill out their online Marketplace applications, they can trust that the information they're providing is protected by stringent security standards and that the technology underlying the application process has been tested and is secure," she said at the time.

Peters said on Tuesday she could not immediately comment on Kennedy's findings.

(Reporting by Jim Finkle in Boston; Editing by Michele Gershberg and Jeffrey Benkoe)