(AP Photo/J. David Ake)
Sept. 5 (Bloomberg) — The HealthCare.gov website that had an error-plagued debut last year was hacked in July, although no personal data appear to have been taken, according to the U.S. Centers for Medicare and Medicaid Services.   The attack, discovered Aug. 25 and disclosed yesterday, marks the first known intrusion into the federally run website. The breach revived complaints from Republican lawmakers about the online portal through which consumers shop for health insurance as required under the 2010 Affordable Care Act.   “Our review indicates that the server did not contain consumer personal information,” Aaron Albright, an agency spokesman, said yesterday in an e-mailed statement. “We have taken measures to further strengthen security.”   Last year, programming and hardware errors kept the website from working for most Americans for two months after it went live as part of the rollout of the 2010 law, also known as Obamacare. Health and Human Services Secretary Kathleen Sebelius publicly acknowledged it was a “debacle,” and she resigned from the department, which oversees CMS, on April 10.   The July attack exploited a test server used to support the website and was never intended to be connected to the Internet, Albright said. The server was protected with only a default password.   “Shame on the U.S. government for allowing this to happen,” Jon Clay, a security manager with the network security company Trend Micro Inc., said in a phone interview. “We paid how many millions to put this thing up and a default password was used on a server?”   Homeland security   One of the first things a hacker will do after getting inside a network is check for default passwords, Clay said. A default password, often a simple word such as “admin,” is established by developers and is intended to be changed by a user for security.   “Even if it’s not connected to the Internet, if it’s connected to the network that other Internet-facing systems are on, then its connected to the Internet,” Clay said. “You have to ask where is the auditing being done to audit all the systems that are in place within that network.”   The Homeland Security Department investigated the attack, agency spokesman S.Y. Lee said in an e-mail.   The department concluded that one machine was infected with malware intended to attack other websites with denial-of-service attacks that flood servers with traffic to knock them offline.   Representative Darrell Issa, a California Republican and chairman of the House Oversight and Government Reform Committee, seized on the attack and called on CMS Administrator Marilyn Tavenner to testify before his panel on Sept. 18.   “For nearly a year, the administration has dismissed concerns about the security of healthcare.gov, even as it obstructed congressional oversight of the issue,” Issa said in a statement.

Copyright 2018 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Complete your profile to continue reading and get FREE access to BenefitsPRO.com, part of your ALM digital membership.

Your access to unlimited BenefitsPRO.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Critical BenefitsPRO.com information including cutting edge post-reform success strategies, access to educational webcasts and videos, resources from industry leaders, and informative Newsletters.
  • Exclusive discounts on ALM, BenefitsPRO magazine and BenefitsPRO.com events.
  • Access to other award-winning ALM websites including ThinkAdvisor.com and Law.com

Already have an account?


BenefitsPro Broker ExpoEvent

BenefitsPro Broker Expo will help attendees prepare for new issues, embrace new challenges and find new solutions.

Get More Information


Join BenefitsPRO

Don’t miss crucial news and insights you need to navigate the shifting employee benefits industry. Join BenefitsPRO.com now!

  • Unlimited access to BenefitsPRO.com - your roadmap to thriving in a disrupted environment
  • Access to other award-winning ALM websites including ThinkAdvisor.com and Law.com
  • Exclusive discounts on BenefitsPRO.com and ALM events.

Already have an account? Sign In Now
Join BenefitsPRO

Copyright © 2023 ALM Global, LLC. All Rights Reserved.