On Thursday, the White House said that hackers had infected one HealthCare.gov server in July, but didn't get any consumer information. The test server shouldn't have been connected to the internet, didn't have any security software, and was protected by the default password from the manufacturer, said Aaron Albright, spokesman for the Centers for Medicare and Medicaid Services (CMS).
"Our review indicates that the server did not contain consumer personal information, data was not transmitted outside the agency, and the website was not specifically targeted," Albright said. "We have taken measures to further strengthen security."
Still, the breach, discovered Aug. 25 during a manual scan of the server, is a wakeup call for the administrators of the federal ObamaCare registration site, which serves about 5 million people in 36 states. The website launched last year before security testing was complete, leading to a rash of speculation that a breach of sensitive consumer information was almost inevitable. Since then, HealthCare.gov has passed security certification. Online security experts warn that the website is still a ripe target for hackers.