Healthcare.gov Was Hacked This Summer, And It Can Easily Happen Again: What Digital Consumers Need To Know
President Barack Obama’s administration is under fire after reports revealed HealthCare.gov was hacked this summer. Though, as far as analysts can tell, no personal information was stolen and the breach isn’t expected to affect the second enrollment period starting on Nov. 15.
Instead, it appears the hacker(s) uploaded harmful software that would make it easier to hack the system again in the future — something he/she allegedly did to a number of websites. It’s nothing many are surprised by, namely the GOP.
“Despite numerous warnings from myself and other lawmakers that security breaches were possible, HealthCare.gov underwent virtually no independent security testing,” Sen. Orrin Hatch (R-Utah) said in a press release. “Securely holding the personal information for millions of Americans must be a priority. It's yet another deeply disturbing failure of the President's health law, and once again it is the American people who are bearing the brunt of the law's failures."
It’s expected for the GOP to jump at a chance to discredit President Obama’s controversial health care law. But the truth is, even those who had a hand in making the site aren’t surprised. “There were security problems from the get go,” Rebecca Mercuri, a computer forensic scientist who made a study of HealthCare.gov security last year, told POLITICO. Mercuri added that the site has been more concerned with functionality so consumers can succuessfully use the site, not security.
Millions of Americas have registered to use the online insurance portal, uploading their personal, financial, and health information. HealthCare.gov is obviously a mainstream target, but smartphone apps and digital devices consumers use on a daily basis are subject to hacking, too.
Take, for example, the Target hack during last year’s Black Friday. Over 40 million people had their credit card information stolen, something Business Week wrote could have easily been avoided. In fact, if companies had heeded that advice, perhaps Home Depot Inc., would not currently be facing a similar breach. The company confirmed to Bloomberg News they’re looking into unusual activity.
Let’s not forget that in November 2014 more than 93,000 websites were hacked as well, including Facebook, Gmail, YouTube, Yahoo, Twitter, ADP, and LinkedIn. Hackers stole usernames and passwords from millions of accounts.
Today, 87 percent of U.S. adults are using the Internet, 58 percent own a smartphone, and 21 percent of those smartphone users reported “they use some form of technology to track their health data,” according to the Pew Research Center.
There’s no short supply of online spaces a hacker can steal a digital consumer’s information, especially when you consider how major companies, like American Express, advocate for paperless billing. Yes, it’s a huge relief to the environment — Americans discard nearly 2,500 pounds of paper per year, enough to heat 50 million homes for 20 years — but without paper bills and health records you can securely file away, all of that information is online.
And the truth is, online payment portals and downloaded apps can easily be hacked. In fact, a study from the University of California–Riverside found Android, Windows and iOS mobile operating systems are all flawed. Researchers used a method that allowed them to hack apps such as Gmail, H&R Block, Newegg, WebMD, CHASE Bank, Hotels.com, and Amazon (though that last one proved to be more difficult.)
A separate study from McMaster University in Canada recently found that despite digital consumers knowing how likely it would be for someone to access their personal data in the event their cell phone was lost, only 72 percent knew their device could be automatically set to erase it.
The idea of hacking seems so far-fetched when you’re not a government official or the owner of a major company. However, it’s a real problem. Digital consumers don’t even realize how easy they make it for others to steal, and misuse, their information.
How do you stay safe? Don't settle for a single password. Slate reported on something know as two-factor authentication, where a security system requires more than one credential to allow consumers to access their account or app. Gmail and Facebook are both proponents of this and though setting it up is a bit of a hassle, it can lessen the negative aftermath of a hack.
Other suggestions per Slate are getting into the habit of encrypting your data and creating a super secret e-mail address where all your password reset information is set. When this information is sent to your main Gmail account, it’s a free-for-all for hackers. What starts out as an email hack leads to every hack for each password they find in your inbox. Digital consumers should also only download trusted apps and links, install antivirus software, and exercise extreme caution whenever they're required to upload personal information.
Security is an on-going, nationwide problem. Protection, it seems, has to start with individuals first.