由买买提看人间百态

boards

本页内容为未名空间相应帖子的节选和存档,一周内的贴子最多显示50字,超过一周显示500字 访问原贴
Medicalpractice版 - No security ever built into Obamacare site: Hacker
相关主题
HHS suggests to use PA/NPs in place of hospitalists.明年医疗保险会大涨吗?
The USPSTF recommends against PSA-based screening for prostate cancer.美国要进口医生了
医生都拿工资,是好还是坏?Health Care产业跟医疗无关,Obamacare跟医疗无关 (转载)
今晚看Romney讲话Re: Obamacare带来的一个深远影响 (转载)
Obamacare 到底对我们意味着什么?职业指导IV: 医院和私人诊所
How pathetic! This will be my last post at this pathetic board.道听途说
为什么医生/医院不喜欢没有保险的人?ACA正确的翻译
physician's opinion on Romney vs ObamaObamacare讨论的总结 (转载)
相关话题的讨论汇总
话题: security话题: kennedy话题: obamacare话题: said话题: website
进入Medicalpractice版参与讨论
1 (共1页)
c*****k
发帖数: 33
1
http://www.cnbc.com/id/101225308
It could take a year to secure the risk of "high exposures" of personal
information on the federal Obamacare online exchange, a cybersecurity expert
told CNBC on Monday.
"When you develop a website, you develop it with security in mind. And it
doesn't appear to have happened this time," said David Kennedy, a so-called
"white hat" hacker who tests online security by breaching websites. He
testified on Capitol Hill about the flaws of HealthCare.gov last week.
"It's really hard to go back and fix the security around it because security
wasn't built into it," said Kennedy, chief executive of TrustedSec. "We're
talking multiple months to over a year to at least address some of the
critical-to-high exposures on the website itself."
Another online security expert—who spoke at last week's House hearing and
then on CNBC—said the federal Obamacare website needs to be shut down and
rebuilt from scratch. Morgan Wright, CEO of Crowd Sourced Investigations
said: "There's not a plan to fix this that meets the sniff test of being
reasonable."
Last month, a Sept. 27 government memorandum surfaced in which two
Department of Health and Human Services officials said the security of the
site had not been properly tested before it opened, creating "a high risk."
HHS had explained then that steps were taken to ease security concerns after
the memo was written, and that consumer information was secure. Technicians
fixed a security bug in the password reset function in late October, the
agency said.
But on CNBC, Kennedy disputed those claims, saying vulnerabilities remain on
"everything from hacking someone's computer so when you visit the website
it actually tries to hack your computer back, all the way to being able to
extract email addresses, users names—first name, last name—[and] locations
."
Government officials and contractors have been working around the clock for
weeks, releasing fixes on HealthCare.gov nightly with the goal of meeting
the Obama administration's self-imposed deadline of the end of the month to
have the site working smoothly.
"When you look at the site itself, it could be really good. It could do
really well. They're just not building the security into the site itself,"
said Kennedy. "Putting your information on there is definitely a risk."
The federal portal serves 36 states not operating their own health insurance
exchanges. Fourteen other states and the District of Columbia run their own
marketplaces. All of them launched on Oct. 1 as part of the Obamacare
provision mandating most Americans have health-care coverage for next year
or face tax penalties.
Kennedy said those state-operated exchanges also face security risks. "These
are going to be a large area for attack." He pointed to a problem on the
Vermont website on Friday. Officials overseeing the Vermont Health Connect
website confirmed a security breach on the system last month.
When it comes to securing personal information online, Kennedy cited Amazon,
Facebook, and Twitter as models for the industry. He even said the IRS
website does regular testing to help "ensure that when the websites come out
they're protected."
1 (共1页)
进入Medicalpractice版参与讨论
相关主题
Obamacare讨论的总结 (转载)Obamacare 到底对我们意味着什么?
Obamacare是什么?How pathetic! This will be my last post at this pathetic board.
Obamacare要崩盘 (转载)为什么医生/医院不喜欢没有保险的人?
zt The case for single payerphysician's opinion on Romney vs Obama
HHS suggests to use PA/NPs in place of hospitalists.明年医疗保险会大涨吗?
The USPSTF recommends against PSA-based screening for prostate cancer.美国要进口医生了
医生都拿工资,是好还是坏?Health Care产业跟医疗无关,Obamacare跟医疗无关 (转载)
今晚看Romney讲话Re: Obamacare带来的一个深远影响 (转载)
相关话题的讨论汇总
话题: security话题: kennedy话题: obamacare话题: said话题: website