How Healthcare.gov Could Be Hacked

Dana Liebelson | Mother Jones | October 24, 2013

Security experts say the federal health insurance website is vulnerable to a common technique that hackers use to steal personal information.

With Healthcare.gov plagued by technical difficulties, the Obama administration is bringing in heavyweight coders and private companies like Verizon to fix the federal health exchange, pronto. But web security experts say the Obamacare tech team should add another pressing cyber issue to its to-do list: eliminating a security flaw that could make sensitive user information, including Social Security numbers, vulnerable to hackers.

According to several online security experts, Healthcare.gov, the portal where consumers in 35 states are being directed to obtain affordable health coverage, has a coding problem that could allow hackers to deploy a technique called "clickjacking," where invisible links are planted on a legitimate web page. Using this scheme, hackers could trick users into giving up personal data as they enter it into the web site, potentially placing Americans at risk of identity theft or allowing fraudsters to file bogus health care claims. And it's not just the federal exchange that has security problems. Some of the 15 states that have established their own online exchanges aren't using standard encryption throughout their Obamacare websites—leaving user information at risk.