Obamacare Website HealthCare.gov & Security Threats Review

Well, there have been lot of discussions around security issues with Obamacare website, healthcare.gov which has become talk of the town recently. The federal portal serves 36 states not operating their own health insurance exchanges. Fourteen other states and the District of Columbia run their own marketplaces. One of the factors attributing to security issues is sheer large volume of untested source code covering 500 millions lines of code.

One of the most important security threat is related with information disclosure of the millions of Americans. The sensitive personal information of millions of Americans such as social security numbers (SSN), birthdays, incomes, home mortgages, and addresses is at risk.

Another security threat is spoofing identity where users could be sent email asking them to log on to healthcare.gov website, thereby taking users to a similar looking website and acquiring their login credentials.

Take a look at the overall architecture of healthcare.gov from infrastructure point of view (source):

The diagram above represents the data that healthcare.gov exchange from different sources such as state exchange, IRS and third parties application. The very fact that healthcare.gov is integrated to multiple systems, and that data is very sensitive makes it much more vulnerable and could lead to greater impacts if at all a hacker breaks into the system. He could alter data on third party systems thereby making it very difficult to recover.