- Text smaller
- Text bigger
It's bad enough that Americans are losing their health-care policies and doctors as they face higher premiums and onerous paperwork amid the unfolding Obamacare nightmare.
Now, experts say users of the Obamacare website also are in grave danger of identity theft and exposure of vital data.
David Kennedy, CEO of the information security firm Trusted SEC, testified before the House Science, Space, and Technology Committee regarding the Healthcare.gov security problems and summarized his ominous testimony to Greta Van Susteren on Fox News last night.
"It's not looking good for the Obamacare website right now," he told Van Susteren. "If you look at how they actually developed the website, it was done very swiftly."
He explained that when a website like that is developed, security normally is built into the application.
But Healthcare.gov, he said, was a "kind of rushed together, pieced together and … shoved out the door."
"Unfortunately that included a lot of security exposures and vulnerabilities that we were able to research and identify," Kennedy said.
He explained that because the system draws data from various agencies, such as the IRS, DHS or third parties like Expirion, a hacker can "gain access to other databases and potentially expose other government agencies as well."
A hacker would be able to extract "a lot of sensitive information about people who have registered," he said
Will it be fixed? And soon? asked Van Susteren.
"Not possible, unfortunately," he said.
Kennedy pointed out that the website has an estimated 500 million lines of code. By comparison, he said, the Microsoft Windows operating system has between 50 million to 80 million lines of codes, which is one of the most complex operating systems.
"So it's six times more complex," he said of Healthcare.gov. "To fix something like that is going to be near impossible in the short time frame."
He told the Fox News host the site could have been developed differently.
"We can protect against hackers, and we owe it to Americans to protect this infrastructure and data that's on it," he said. "It's our personal information, not the government's."
Already, there have been hacking attempts, he said, noting the government report that 16 different attempts have been thwarted.
"To me that seems very low. I think that shows that there is little to low monitoring, [and they] probably don't know they are being attacked," he said.
Would he sign up? Van Susteren asked Kennedy.
"You didn't hesitate," she noted.
"No chance. Knowing the security around the infrastructure itself, how it was rushed of out the door and exposures that we are seeing now," said Kennedy.
"I got an email right in the middle of the congressional hearing of someone saying I have another 30 findings for you – 30 vulnerabilities on the website."