Healthcare.gov was hacked, but none of your sensitive data was stolen

[aGameOfThrones]

Hack concept with the focus on the return button overlaid with binary code

Healthcare.gov might have a dedicated team looking after its welfare thanks to its disastrous launch, but it's still not completely bulletproof. Apparently, the insurance website was hacked in July, and the perpetrator managed to slip in malware that wasn't spotted until August 25th. Before you have a panic attack, though (the website did ask for your Social Security number, among other sensitive info), the Department of Health and Human Services says no data was stolen from the breach. According to HHS spokesperon Kevin Griffis, the compromised server didn't contain personal information, because it's only used for testing and should never have been connected to the internet in the first place.

Moreover, the malware wasn't designed to steal data -- the hacker slipped it in to use the server as a puppet for denial of service attacks on other government properties. These attacks constitute taking over many, many computers so hackers can use them to redirect traffic to a single website in an effort to take it down, indicating that Healthcare.gov wasn't being targeted in particular. HHS officials say Healthcare.gov undergoes regular security scans, and they've "taken measures to further strengthen security" since the breach took place.

http://www.engadget.com/2014/09/04/h...v-hacked-ddos/

[thoughtomator]

because it's only used for testing and should never have been connected to the internet in the first place.

But you are supposed to trust that they know no data was stolen.

healthcare.gov was a security nightmare from Day 1 - I remember seeing the project plans that barely addressed security at all, except as a total afterthought. If you were to design a system to accumulate the maximum amount of extremely personal data in order to steal it, you'd end up with something damn close to what we have now.

[jjdoyle]

But you are supposed to trust that they know no data was stolen.

healthcare.gov was a security nightmare from Day 1 - I remember seeing the project plans that barely addressed security at all, except as a total afterthought. If you were to design a system to accumulate the maximum amount of extremely personal data in order to steal it, you'd end up with something damn close to what we have now.

You don't trust what your government tells you? REPORTED.

[CPUd]

But you are supposed to trust that they know no data was stolen.

healthcare.gov was a security nightmare from Day 1 - I remember seeing the project plans that barely addressed security at all, except as a total afterthought. If you were to design a system to accumulate the maximum amount of extremely personal data in order to steal it, you'd end up with something damn close to what we have now.

When it first launched, it had all kinds of js code that was commented out, but revealed sensitive information about how the site was structured.

[oyarde]

I can assure all of you , none of my data was taken from that evil website .

[Ronnyman]

They hacked Home depot, Target and several other large companies....why not the government.