Hackers breached HealthCare.gov server, apparently left empty-handed

(Image credit: CC by: Reynermedia)

last updated 8 January 2015

On Thursday, the White House said that hackers had infected one HealthCare.gov server in July, but didn't get any consumer information. The test server shouldn't have been connected to the internet, didn't have any security software, and was protected by the default password from the manufacturer, said Aaron Albright, spokesman for the Centers for Medicare and Medicaid Services (CMS).

"Our review indicates that the server did not contain consumer personal information, data was not transmitted outside the agency, and the website was not specifically targeted," Albright said. "We have taken measures to further strengthen security."

Still, the breach, discovered Aug. 25 during a manual scan of the server, is a wakeup call for the administrators of the federal ObamaCare registration site, which serves about 5 million people in 36 states. The website launched last year before security testing was complete, leading to a rash of speculation that a breach of sensitive consumer information was almost inevitable. Since then, HealthCare.gov has passed security certification. Online security experts warn that the website is still a ripe target for hackers.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

https://cdn.mos.cms.futurecdn.net/flexiimages/jacafc5zvs1692883516.jpg

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Explore More

Peter has worked as a news and culture writer and editor at The Week since the site's launch in 2008. He covers politics, world affairs, religion and cultural currents. His journalism career began as a copy editor at a financial newswire and has included editorial positions at The New York Times Magazine, Facts on File, and Oregon State University.