Researchers Find A Way To Hack Spanish Language HealthCare.gov

Aliya Sternstein | Nextgov | October 30, 2013

Until fixed on Wednesday afternoon, a security flaw in CuidadoDeSalud.gov -- the Spanish language version of HealthCare.gov -- could have allowed hackers to steal personal information from enrollees as they typed, according to three independent software developers. The Health and Human Services Department repaired the software error after Nextgov inquired about the defect early Wednesday.

HHS remedied a similar bug on the English-speaking site at some point between Oct. 4 and Oct. 10.

While citizens bemoan the online healthcare shop’s inelegant functionality, some programmers say the same clumsiness is creating vulnerabilities that criminals could exploit, especially as the site becomes more reliable and attracts more users.

The Spanish version remained faulty likely because the estimated 500 million lines of code running the marketplace are managed by multiple system administrators and reside on separate servers, said Gabriel Harrop, who examined public code through his browser’s developer tools.