Security Expert To Warn Congress Of Healthcare.gov Security Bugs

Expert To Warn Congress Of Healthcare.gov Security Bugs
US Health and Human Services Secretary Kathleen Sebelius testifies before the Senate Finance Committee on health insurance exchanges on November 6, 2013 in the Dirksen Senate Office on Capitol Hill in Washington, DC. AFP PHOTO/Mandel NGAN (Photo credit should read MANDEL NGAN/AFP/Getty Images)
US Health and Human Services Secretary Kathleen Sebelius testifies before the Senate Finance Committee on health insurance exchanges on November 6, 2013 in the Dirksen Senate Office on Capitol Hill in Washington, DC. AFP PHOTO/Mandel NGAN (Photo credit should read MANDEL NGAN/AFP/Getty Images)

By Jim Finkle

BOSTON, Nov 19 (Reuters) - A respected security expert will warn Congress on Tuesday that the Obama administration's healthcare website has security flaws that put user data at a "critical risk," despite recent government assurances the data is safe.

"There are actual live vulnerabilities on the site now," David Kennedy, head of computer security consulting firm TrustedSec LLC, told Reuters ahead of his testimony at a Congressional hearing on the topic "Is My Data on HealthCare.gov Secure?"

Kennedy, a former U.S. Marine Corps cyber-intelligence analyst, said his firm has prepared a 17-page report describing some of the problems. It does not go into specifics in some areas, he said, because that could provide criminals with a blueprint for launching attacks.

"There is a lot of stuff that we are not publicly disclosing because of the criticality of the findings," he said. "We don't want to hurt people."

Kennedy and other security experts have warned that vulnerabilities on the site pose risks to the security of user data since shortly after its Oct. 1 launch.

At the end of last month, a Sept. 27 government memorandum surfaced in which two U.S. Department of Health and Human Services officials said the security of the site had not been properly tested before its launch, creating "a high risk."

When the memo surfaced on Oct. 30, government spokeswoman Joanne Peters said steps had been taken to ease security concerns since the memo was written, and that consumer data was secure.

"When consumers fill out their online Marketplace applications, they can trust that the information they're providing is protected by stringent security standards and that the technology underlying the application process has been tested and is secure," she said at the time.

Peters said on Tuesday she could not immediately comment on Kennedy's findings. (Reporting by Jim Finkle in Boston; Editing by Michele Gershberg and Jeffrey Benkoe)

Before You Go

Healthcare In America Is Already 'The Best In The World'

Lies And Distortions Of The Health Care Debate

Popular in the Community

Close

What's Hot