Cybersecurity expert and TrustedSec CEO David Kennedy blasted HealthCare.gov’s security features, saying no security was ever built into the website.
"When you develop a website, you develop it with security in mind. And it doesn't appear to have happened this time," Kennedy said, appearing on CNBC’s Squawk Box. "It's really hard to go back and fix the security around it because security wasn't built into it."
Kennedy concluded that it would take "multiple months to over a year to at least address some of the critical-to-high exposures on the website itself."