Obamacare Website HealthCare.gov & Security Threats Review

obamacare

Well, there have been lot of discussions around security issues with Obamacare website, healthcare.gov which has become talk of the town recently. The federal portal serves 36 states not operating their own health insurance exchanges. Fourteen other states and the District of Columbia run their own marketplaces. One of the factors attributing to security issues is sheer large volume of untested source code covering 500 millions lines of code.

One of the most important security threat is related with information disclosure of the millions of Americans. The sensitive personal information of millions of Americans such as social security numbers (SSN), birthdays, incomes, home mortgages, and addresses is at risk.

Another security threat is spoofing identity where users could be sent email asking them to log on to healthcare.gov website, thereby taking users to a similar looking website and acquiring their login credentials.

Take a look at the overall architecture of healthcare.gov from infrastructure point of view (source):

healthcare.gov architecture - infrastructure view

healthcare.gov architecture – infrastructure view

 

The diagram above represents the data that healthcare.gov exchange from different sources such as state exchange, IRS and third parties application. The very fact that healthcare.gov is integrated to multiple systems, and that data is very sensitive makes it much more vulnerable and could lead to greater impacts if at all a hacker breaks into the system. He could alter data on third party systems thereby making it very difficult to recover.

 

Ajitesh Kumar

Ajitesh Kumar

I have been recently working in the area of Data analytics including Data Science and Machine Learning / Deep Learning. I am also passionate about different technologies including programming languages such as Java/JEE, Javascript, Python, R, Julia, etc, and technologies such as Blockchain, mobile computing, cloud-native technologies, application security, cloud computing platforms, big data, etc. I would love to connect with you on Linkedin. Check out my latest book titled as First Principles Thinking: Building winning products using first principles thinking.
Posted in Application Security. Tagged with , , .