connect with us:
Follow us on Facebook
Follow us on LinkedIn
Follow us on Google+

The ObamaCare Exchanges: A Hacker’s Dream?

Oct 17, 2013

Posted by

Charles Dahlheimer

Recognized as one of the industrys leading visionaries, Dahlheimer is publisher of The Real Estate Professional magazine and The Real Estate Executive Summary.  He co-authored Real Es Read more

Appearing on Fox Business Network’s “Cavuoto,”  John McAfee, computer programmer and founder of McAfee, Inc. said the online component of Obamacare "is a hacker's dream" that will cause "the loss of income for the millions of Americans who are going to lose their identities."

McAfee said the way it is set up makes it possible for fake websites be set up to fool people to think they're signing up for Obamacare.

 "It's seriously bad," McAfee said. "Somebody made a grave error, not in designing the program but in simply implementing the web aspect of it. I mean, for example, anybody can put up a web page and claim to be a broker for this system. There is no central place where I can go and say, 'OK, here are all the legitimate brokers, the examiners for all of the states and pick and choose one.'"

Will Oremus, staff writer at @Slate covering technology, science, and the future, and lead blogger for @FutureTenseNow, argues that “hacker’s dream” is an overstatement. Says Oremus, “A hacker’s dream, one imagines, would involve a single, centralized database of loosely guarded, sensitive information. The data hub, in contrast, was built expressly to avoid retaining or storing people’s data, as the Centers for Medicare and Medicaid Services explained in a fact sheet earlier this month. Instead, the hub is meant to function more like a switchboard or routing tool, shuttling information securely between the marketplace sites and the federal agencies.”

“If there’s a weak point in the system,” notes Oremus, “there’s a chance it could be found in one of the 17 state-level marketplaces, or possibly one of the federally facilitated marketplaces set up by the federal government for states that opted not to set up their own.”

But McAfee zeros in on exactly that point, arguing that this is not a software issue but a basic web issue, allowing anyone to put up a fake Obamacare web page and claim to be a broker for the system.

“Any hacker can put a website up, make it look extremely competitive,” says McAfee.  “And because of the nature of the system, this is healthcare after all, they can ask you the most intimate questions, and you're freely going to answer them," McAfee said. An unsuspecting user might give up his Social Security number, date of birth or share any mental health issues, he said.  "What idiot put this system out there and did not create a central depository?" he asked. “This is insane. So, I will predict that the loss of income for the millions of Americans who are going to lose their identities - I mean, you can imagine some retired lady in Utah, who has $75,000 dollars in the bank, saving her whole life, having it wiped out in one day because she signed up for Obamacare. And believe me, this is going to happen millions of times. This is a hacker's dream. I mean I cannot believe that they did this."

In July, the Independent Women’s Forum (IWF) warned that the system was likely to go online with security flaws and be open to security breaches.  Noting that the health exchanges were set to open on October 1, but testing on the data hub, a system that manages access to the records of participants in the programs, would not take place until the end of September, the group cautioned that the system could go online with security flaws and be open to security breaches – a hackers dream!

Another watchdog group, the Independent Women’s Forum, a non-partisan, 501(c)(3) research and educational institution, cited other security issues after uncovering the lax standards state exchanges were using to recruit enrollment counselors to get people enrolled in Obamacare. A posting on the group’s website stated, “In California, enrollment counselors are being farmed from thousands of community organizations with little regard to their criminal background. Yes, let’s give a former thief access to the names, social security numbers, addresses, financial information and medical histories of applicants. Couple that with this new revelation that the electronic system housing all of this information may not even be secure, we’ve got serious grounds for concern.”