White hat hacker was able to access 70,000 records in Healthcare.gov website in under 4 minutes

Posted Jan 21, 2014

The Healthcare.gov website has had an extremely rocky start since starting in October. Even though it is continuously improving, the Healthcare.gov website still has its fair share of problems. One of the vulnerabilities in the website was discovered by a white hat hacker and the CEO of TrustedSec named David Kennedy. Kennedy was able to gain access to over 70,000 private records in under four minutes.

Kennedy had warned anyone that would listen since November that the government website was insecure. Since action was not taken from his advice, he decided to break into the website. He even said that he did not have to do any hacking at all.

Here is what Kennedy said in an interview with Fox News on Sunday as quoted by Gizmodo:

“The problem is if you look at the integration between the IRS, DHS, third party credit verification processes, you have all of these different organizations that feed into this data hub for the healthcare.gov infrastructure to provide all that information and validate everything. And so if an attacker gets access to that, they basically have full access into your entire online identity, everything that you do from taxes to, you know, what you pay, what you make, what DHS has on you from a tracking perspective as well as obviously, you know, what we call personal identifiable information which is what an attacker would use to take a line of credit out from your account. It’s really damaging.”