Fears over the security of federal health insurance exchange site HealthCare.gov have been confirmed. According to reports confirmed by the Department of Health and Human Services, a hacker broke into the site and uploaded malicious software in July.
Despite the breach, federal officials stressed that there is no evidence the hacker gained access to consumers’ personal data. Only a server used to test code for HealthCare.gov was breached.
“Our review indicates that the server did not contain personal information; data was transmitted outside the agency, and the website was not specifically targeted,” the HHS said. “We have taken measures to further strengthen security.”
The software was designed to launch denial-of-service attacks, which would have caused the website to flood with traffic until it crashed. It was not discovered until Aug. 25, when a maintenance team was performing a routine security test.
According to a Wall Street Journal report, the breached server was connected to what officials termed "more sensitive parts" of HealthCare.gov that boasted better security protections. It is not known what else the hacker viewed or if access to other information was gained.
The news comes as independent agents and brokers prepare for the second open enrollment season, assisting clients in purchasing health insurance.
In an earlier interview, Jim Quiggle of the Coalition Against Insurance Fraud told
Insurance Business America hacking is not the only potential danger consumers face when dealing with online health insurance exchanges.
“Agents and brokers will need to be highly informed consumer advisors who can spot a fake navigator or a fake website…and proactively warn their clients about all the scams they could be facing,” Quiggle said. “The consumers are going to look to them to be an informal kind of navigator who can help them through the exchange website and answer questions if they start getting suspicious email or phone calls.”
Fake exchange websites are also a problem. These seemingly authentic websites, with domain names very similar to the official state or federal site, require users to input financial information in order to become “enrolled.”
You may also enjoy: "Obama administration appoints HealthCare.gov CEO"
"Why ACA's auto-enroll tool might not be best for your clients"
"Expect more tech glitches in year two of Obamacare, official says"
