Serious security flaws found in Obamacare websites in three states

Please consider donating to Behind the Black, by giving either a one-time contribution or a regular subscription, as outlined in the tip jar to the right. Your support will allow me to continue covering science and culture as I have for the past twenty years, independent and free from any outside influence.

Finding out what’s in it: Federal investigators have found significant security problems with the Obamacare health insurance websites in the states of California, Kentucky, and Vermont.

The GAO report examined the three states’ systems from October 2013 to March 2015 and released an abbreviated, public version of its findings last month without identifying the states. On Thursday, the GAO revealed the states’ names in response to a Freedom of Information request from the AP.

According to the GAO, one state did not encrypt passwords, potentially making it easy for hackers to gain access to individual accounts. One state did not properly use a filter to block hostile attempts to visit the website. And one state did not use the proper encryption on its servers, making it easier for hackers to get in. The report did not say which state had what problem.

According to the story, it appears that nothing has been done in two of the three states to fix the problem. Worse, the study suggests similar problems exist at other state websites.

Hey, let’s solve the problem by voting for Clinton or Sanders! Both say the solution is to give the governments that screwed up here more power, money, and control. What could go wrong?


  • Cotour


    Obamacare, “climate change”, cap and trade, and now the “prepping” of the world for a new U.N. treaty regulating ALL of the oceans of the world etc.



    The further surrendering of American sovereignty? Organizing the world? What could go wrong?

    I could make an argument for such arrangements on one level, but where do such arrangements really lead?

  • Edward

    From BSJ’s article: “And I feel confident that VHC is among the most secure systems that the state operates.”

    Why am I not reassured that this makes it at all secure?

    From Robert’s article: “Regulators said that given the number of weaknesses they discovered in just the three states studied …”

    They studied only three states? Only?

    Holy [ahem]! At this rate, 100% of the states have serious security problems. How is it that the state governments are so poor at security? It is like building a records office and failing to put locks on the filing cabinets … and doors. Or maybe even failing to put doors on the building.

    We would expect such examples of complete incompetence to only come from a government program.

    Oh, wait.

  • BSJ

    VT sucks at IT! I don’t believe them when they say it’s secure.

    This is the second time they’ve created an exchange. They spent millions on the first attempt, then fired the same firm that set up the National system when they failed to get anything to work.

    NO ONE was held accountable for screwing it up either. Paid them extra in fact…

  • When I taught computer systems for trade schools and university, there were government info workers and private industry workers in my classes. At the end of the day, most of the private industry workers took their books home and came back to class prepared. None of the government workers ever took the books off the desk until the class ended. They only wanted the certificate to evidence a new skill and support another pay raise. I think of this when reading about OPM getting hacked, and Obamacare webs are fresh meat for stealing info. Government workers don’t implement these systems, that is done by contractors, but after launching they manage/maintain the active site.

  • Edward

    EdsHeadSciFi wrote: “Government workers don’t implement these systems, that is done by contractors …”

    I agree, except that contractors tend not to implement systems that they are not paid to implement. Not only is there no return for the additional cost and complexity, it may even violate the requirements document and the contract.

    I am not surprised that government workers are only looking for the certificate and not the skill. It reminds me of typical union teachers at (government-run) public schools. They get more pay for higher degrees, such as Masters Degrees, even though they will not use the additional knowledge to teach the fixed curriculum.

Leave a Reply

Your email address will not be published. Required fields are marked *