HealthCare.gov Portal Suffers Data Breach Exposing 75,000 Customers (gizmodo.com)
An anonymous reader quotes a report from Gizmodo: Sensitive information belonging to roughly 75,000 individuals was exposed after a government healthcare sign-up system got hacked, the Centers for Medicare & Medicaid Services (CMS) said on Friday. The agency said that "anomalous system activity" was detected last week in the Direct Enrollment system, which Americans use to enroll in healthcare plans via the insurance exchange established under the Affordable Care Act -- also known as Obamacare. A breach was declared on Wednesday. It's unclear why the agency, which is part of the U.S. Department of Health and Human Services, chose to not announce the incident sooner. Officials said the hacked portal is used by insurance agents and brokers to help Americans sign up for coverage and that no other systems were involved. The affected system has been disabled. CMS said it hoped to restore it before the end of next week. "I want to make clear to the public that HealthCare.gov and the Marketplace Call Center are still available, and open enrollment will not be negatively impacted," CMS Administrator Seema Verma said in a statement. "We are working to identify the individuals potentially impacted as quickly as possible so that we can notify them and provide resources such as credit protection."
Deja vu (Score:3, Informative)
Re: (Score:2)
Sure, but in this case, it's "déjà lu".
Re: (Score:2)
Or no list! :(
Re: (Score:2)
"Presumably this is just the world we live in. There doesn't seem much info in the article,..."
(Gasp) You read the article?
Vade retro Satanas!
Re: Nothing exciting or? (Score:2)
There's no reason for it to be the world we live in. We make it cheaper for companies to be failures than successes, but that's a choice and not every country makes the same choices.
All we need are the well-regulated markets advocated by Adam Smith, where regulations protect personal information, mandate minimum standards of operation and require a warranty for fitness of purpose in software.
Re: (Score:2)
I... think several of my past jobs qualify as working in security. And nobody works to be OSI compliant, at least not in any of the projects I've worked on. I doubt most people know any relevant OSI standards.
Re: (Score:1)
I must have missed the part where 'something fantastic' was proposed by the Republicans. When was that? Can you provide a link to the fantastic healthcare plan they proposed?
Also, seems like the GOP has a majority in both houses of Congress. Why did the support of the Democrats matter at all? Thx.
Re: (Score:2)
The Republicans almost voted to return health care to the states which would have been a fantastic solution. The reason why it didn't happen was because every single Democrat voted against it and 60 votes are required to get things done in the Senate.
Which is why each state has separate car companies (Score:5, Insightful)
> Trading across state lines won't help, it becomes a race to the bottom
Exactly. That's why each state has to have separate car companies, separate food companies, separate smartphone manufacturers - and separate insurance companies.
If you let people in Oregon buy a phone made in California, or a truck made in Texas, or fruit grown in Florida, you know it'll be garbage.
I say people should only be allowed to do business with companies in the same state, to avoid this race to the bottom. The fabulous success of this policy for health insurance demonstrates why we should do the same thing for all products and services.
Re: Which is why each state has separate car compa (Score:2)
You do understand that whilst different cars have different performance characteristics making them suitable for different conditions, there's really only one treatment for a broken leg, one treatment for any given bacterial infection, one sort of x-ray, one design of ambulance.
Not really a situation that applies to cars, toothbrushes or music.
Re: (Score:2)
So what you're saying is that a vehicle that is optimum to drive up a snowy mountain in Colorado is different than one optimized for cruising Miami Beach, right? So to some extent, it kinda makes sense to have different cars for different states?
On the other hand, the treatment for a broken leg in Colorado is exactly the same as the treatment for a broken leg in Florida, so prohibiting people in Colorado from choosing health insurance from a company in Florida is utterly ridiculous on its face?
Re: (Score:2)
I would agree with you, as far as you've gone, yes. There's nothing intrinsic about a Florida insurance company that means it can't handle a Colorado claim.
This whole in-State/out-of-State thing is, as you rightly point out, a red herring, a most scarlet fish of our times. That's not where the issues lie and there should be no constraints there.
Re: (Score:3)
We already have health insurance companies selling across state lines. I can start a health insurance company in Alaska, and sell health insurance in Florida.
The only caveat is that I have to comply with Florida law for the insurance policies I sell in that state.
What Republicans want to do is make it so I can set up shop in Alaska and sell insurance policies to Florida that comply with Alaskan law. And this is where we have already seen a race to the bottom in another field: Credit cards.
Until a few
Re: (Score:1)
Republicans: people being able to choose the type of health care that they want is good.
Democrats: people having no choice and being forced to use government-run health care is good.
Re: (Score:2)
That is a silly comparison. The real issue is how much of an entitlement people have to healthcare, and how much other people should pay to provide it.
Democrats generally support broadening the entitlement, and perhaps making it universal, but are not clear who will pay, how generous the system will be, or how we can transition from the bloated and expensive system that we have now.
Republicans generally support keeping Medicare (healthcare for old people), Medicaid (healthcare for poor people), and the VA
Re: Seriously?? (Score:2)
The issue isn't a week. The issue is that there was a serious defect resulting in personally identifying information (PII) being exposed, showing inadequate testing, and that identification of the flaw took however many years the service has been online.
This is mission-critical software in which failures could potentially cause tens of millions of dollars damage. There are certain Federal requirements for such software, including ISO 900x. It is also running via the Federal government, which imposes FIPS, t
Wish we could stop calling it Obamacare (Score:3)
For instance, you're more likely to be killed by pollution (200,000 early deaths per year [mit.edu]) than an undocumented immigrant (750 per year [snopes.com]). However, our administration wants to spend money building a wall to protect you from the "dangerous" Mexicans, but doesn't mention anything about how many people die from pollution when announcing cuts to emissions standards.
(The 750 number is 456 arrests per year, plus an estimated correction factor due to cases not being solved.)
Re: Wish we could stop calling it Obamacare (Score:3)
King John wanted a fiscal wall. Ruined his country trying. The barons stepped in and forced him to allow merchants, traders and other workers to cross the border freely except in times of war, and to never deprive a worker of the tools of their trade.
Easy to improve countries to the south. Want a step by step guide?
1) Don't finance or operate death squads there
2) Hold businesses responsible for crimes overseas, as permitted by US law
3) Don't overthrow elected governments
4) Don't supply them with weapons
5) E
Re: (Score:1)
To 6 - AFAIK, chemical addictions actually require medical treatments and medication. The kind of addiction where your body convulses, vomits, shits when you quit the drug. For other kinds of habitual addiction or whatever it’s called.. geez it’s still cheaper to treat anyone earlier than later.
Re: (Score:2)
That sort of treatment really ought to be done in psych facilities, the person needs to be monitored by people who understand pharmacology in relation to the brain and which effects are good versus really bad. That's the province of the pdoc.
That treatment, yes, should be early and covered. And strictly done by people who know what they're doing.
Re: Wish we could stop calling it Obamacare (Score:2)
It wasn't even devised by Obama, it was devised by Mitt Romney. Obama notably refused to offer suggestions and asked Congress to devise their own proposals. Romney's, with Republican amendments, was the one accepted.
Re: Wish we could stop calling it Obamacare (Score:1)
Unless you can produce 1.2 million court cases, it's reasonably certain that that never happened. I doubt the IRS really claims it, either. But don't let racism, xenophobia and an inability to learn foreign languages deter you.
Re: (Score:2)
If you follow that link to its source at the right-wing CNS ("right news, right now"), you will find that the answers from the IRS about identity theft have nothing to do with immigrants or illegal aliens, and make no mention of them. You took a story about one thing and made it about something else to fit your purposes.
You have to learn to use higher-quality fake news sites.
Re: (Score:2)
That being said, I should have framed this slightly differently: cost to resolve the issues. If the US co
Re: Wish we could stop calling it Obamacare (Score:2)
Same in Dr's offices (Score:1)
Re: Same in Dr's offices (Score:2)
Ever tried to read a doctor's handwriting? There's no better cryptography. Nobody is allowed to stand near taking notes, anyway, and even if they did they'd be on CCTV.
Thing with computers and data, a billion copies can be made as easily as one, by a million different people, all in different parts of the world, with absolutely nothing to stop them or identify them.
Slight difference in accountability, access control and scale.
So, aside from being utterly wrong in every respect... you're wrong. Nice to know
Re: (Score:1)
Re: (Score:2)
The bastards expose all your info in open files in paper documents. How unsafe is that? Imagine being a jan who knows to make use of this!!
You must not do much work in doctor's offices. A doctor's office still using paper records, a fax machine, and a locked filing cabinet is probably keeping your records safer than at least half of the doctor's offices which use computers. On my to-do list before the end of the year is to try and get a doctor to upgrade his computer systems from Windows XP and an ISP-distributed router. Yes, in 2018, I'm still doing that because everything has 'just worked' for years and years; to a certain degree I can't fau
Re: (Score:1)
Re: (Score:2)
For many doctor's offices with EMR systems, paper files in locked cabinets would probably be an improvement for security.
Well.... (Score:1)
Trump, McConnell, and Ryan: "If we can't repeal the ACA, let's destroy the legitimacy of the system by running it like idiots and allowing hackers to break in"
Anyone who has followed the history of this site (Score:3)
should only be surprised that it took this long for this sort of steaming pile [trustedsec.com] to be breached. Or in a way that left enough breadcrumbs for someone to notice, anyway.
Don't Hesitate! (Score:1)
"I want to make clear to the public that HealthCare.gov and the Marketplace Call Center are still available, and open enrollment will not be negatively impacted,"
Translation: "Please continue to put your personal information in our shitwagon."
Oh (Score:3)
What has gone undetected? (Score:1)
On initial release this system had an alarming number of security issues, but anyone publicly pointing them out (e.g. David Kennedy from TrustedSec) was generally marked as a conservative troll and not genuinely interested in the security of the system. I generated a shitload of 'anomalous activity' back in the day doing a little personal research and there was zero evidence of detection or responsive action. I'm sure security has improved over the years but I doubt this is the first incident.