Obamacare Website HealthCare.gov & Security Threats Review

obamacare

Well, there have been lot of discussions around security issues with Obamacare website, healthcare.gov which has become talk of the town recently. The federal portal serves 36 states not operating their own health insurance exchanges. Fourteen other states and the District of Columbia run their own marketplaces. One of the factors attributing to security issues is sheer large volume of untested source code covering 500 millions lines of code.

One of the most important security threat is related with information disclosure of the millions of Americans. The sensitive personal information of millions of Americans such as social security numbers (SSN), birthdays, incomes, home mortgages, and addresses is at risk.

Another security threat is spoofing identity where users could be sent email asking them to log on to healthcare.gov website, thereby taking users to a similar looking website and acquiring their login credentials.

Take a look at the overall architecture of healthcare.gov from infrastructure point of view (source):

healthcare.gov architecture - infrastructure view

healthcare.gov architecture – infrastructure view

 

The diagram above represents the data that healthcare.gov exchange from different sources such as state exchange, IRS and third parties application. The very fact that healthcare.gov is integrated to multiple systems, and that data is very sensitive makes it much more vulnerable and could lead to greater impacts if at all a hacker breaks into the system. He could alter data on third party systems thereby making it very difficult to recover.

 

Ajitesh Kumar
Follow me

Ajitesh Kumar

I have been recently working in the area of Data Science and Machine Learning / Deep Learning. In addition, I am also passionate about various different technologies including programming languages such as Java/JEE, Javascript, Python, R, Julia etc and technologies such as Blockchain, mobile computing, cloud-native technologies, application security, cloud computing platforms, big data etc. I would love to connect with you on Linkedin.
Posted in Application Security. Tagged with , , .

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.