Healthcare.gov Security Concerns Won't Go Away
At least one critic is calling for the federal health information exchange website to be shut down until a complete security audit can be conducted. Since that's unlikely to happen, let's hope the government is judiciously reinforcing its data breach prevention policies.
For months, Republicans in Congress have been feeding fears of a massive data breach at healthcare.gov. Given the site's many, many shortcomings, healthcare.gov would appear to be a prime target for some sort of data compromise. Its sheer size is reason enough for the bad guys to perpetually keep trying to break in.
And yet, to date, no breaches of any significance have occurred.
In part, that's because at its heart, healthcare.gov isn't one gigantic database. Like Target, which recently sustained a data breach affecting up to 70 million customers, the federal health information exchange is networked to multiple databases, each one housing valuable data.
Therein lies the trouble. By penetrating multiple systems, the Target hackers were able to grab more than just credit card numbers. They got PINs, addresses, email addresses, and other personal information. As one data expert writes, the Target hackers
"…didn't gain access just once. In fact, they kept coming back to harvest data almost daily over the course of several weeks. As we now know, they didn't just stop with the sales data. They roamed across Target's network of servers looking for interesting information..."