Online Health Exchanges: How Secure?

Published: 22/11/2024   Category: security


Is the data hub created by Obamacare a hacker's dream?



Online health insurance exchanges debuted on Tuesday, and millions of Americans visited the sites to assess their eligibility for different plans and attempt to sign up. But the demand on the exchange portal sites apparently exceeded many state officials' expectations, leading to intermittent portal outages.
Fourteen states, plus the District of Columbia, are running their own health exchanges, as is the federal government, which is operating the HealthCare.gov exchange on behalf of more than 30 other states. One lingering question, however, concerns not just the long-term uptime and availability that consumers should expect from these exchanges, but whether they can handle people's personal data in a manner that maintains privacy while keeping it safe from hackers.
Already, systems being used to facilitate the Patient Protection and Affordable Care Act (ACA) -- aka Obamacare -- have been criticized as posing a large security risk because they're designed to handle numerous people's personal information. In the wrong hands, that data could prove lucrative for identity thieves or anyone who wanted to resell personal information on the underground market.
One particular concern is that the system's data hub -- a tool for routing a health exchange applicant's information to relevant government agencies, including the Internal Revenue Service -- will put people's personal information at risk.
"This data hub is a hacker's dream," alleged Rep. Kevin Brady (R-Texas) during an August House hearing involving top IRS and health department officials, reported the Houston Chronicle. "And I'm not sure who I most fear, someone from the outside or the government," he added, referring to the scandal that erupted earlier this year, when the IRS confirmed that a top official had been subjecting Tea Party groups to extra scrutiny when they applied for tax-exempt status.
Regardless of the politics at play, can the IRS be trusted with this information? To be sure, the agency has logged more than one data breach on its watch, and earlier this year, the Government Accountability Office reported that IT security holes in IRS networks were still putting taxpayer data at risk.
Furthermore, multiple government agencies will have access to some information as it gets routed through the data hub, said Christopher Rasmussen, a healthcare and privacy policy analyst for the Center for Democracy and Technology, in a July blog post. "For example, an individual's eligibility for a federal subsidy to purchase health insurance requires verification of income and family size from the Internal Revenue Service (IRS), immigration status from the Department of Homeland Security (DHS) and incarceration status from the Social Security Administration (SSA)," he said. Insurance companies will also use a single portal -- run by the Centers for Medicare & Medicaid Services (CMS) -- that gives them access to some of that information.
But CMS administrator Marilyn Tavenner emphasized to Congress in July that the data hub, which her agency administers, has been designed to keep people's personal information secure as well as private. Notably, she said, the hub will not store or retain any data used for vetting applications, but merely route it to its appropriate destination.
The data hub is designed to query -- and pass along to insurance marketplaces -- only the minimum amount of information necessary from each government database to facilitate applicant enrollment, Rasmussen said.
Furthermore, after some delays, the CIO of CMS last month certified that the system is safe. Tavenner, meanwhile, has said that all CMS administrators have received thorough information security and privacy training.
Those preparations aside, states are really the ones on the security hook, given that they're running the health portals that comprise the Health Insurance Marketplace. Accordingly, the concern voiced by Rep. Brady of Texas -- over IRS involvement -- doesn't get to some of the larger security questions at play, such as whether states can be trusted to secure their residents' health exchange information.
Earlier this year, government technology journalist Alex Howard -- who's lauded Healthcare.gov for its clear design and use of open source technology -- singled out states as a potential weak point in the health exchange ecosystem. "My sense is that people are very nervous [about the potential for exploitable vulnerabilities -- and hack attacks -- against one or more of the exchanges being operated]," Howard told Slate.
Indeed, what if a group such as the Syrian Electronic Army managed to find and exploit some unforeseen vulnerability?
Then again, this isn't the first foray by the IRS, CMS, DHS, SSA and other agencies into handling people's personal information. Furthermore, should any one exchange suffer a hack attack, the data hub routing and multi-state exchange model means that it's extremely unlikely that the whole system would come crashing down.
