Hackers Break Into HealthCare.gov
mpicpp is one of many to point out that hackers broke into the HealthCare.gov website in July and uploaded malicious software. "Hackers silently infected a Healthcare.gov computer server this summer. But the malware didn't manage to steal anyone's data, federal officials say. On Thursday, the Health and Human Services Department, which manages the Obamacare website, explained what happened. And officials stressed that personal information was never at risk. 'Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted,' HHS spokesman Kevin Griffis said. But it was a close call, showing just how vulnerable computer systems can be. It all happened because of a series of mistakes. A computer server that routinely tests portions of the website wasn't properly set up. It was never supposed to be connected to the Internet — but someone had accidentally connected it anyway. That left it open to attack, and on July 8, malware slipped past the Obamacare security system, officials said."
Yep. (Score:3)
Re: (Score:2)
Re:Yep. (Score:4, Insightful)
Yes I'm sure this has never happened to a private company or multiple major financial institutions [theinquirer.net], or academic institutions [abc7news.com], or security companies [arstechnica.com] or IT companies [time.com].
Oh wait.
Re: (Score:3, Informative)
On the other hand, I explicitly recall a statement along the lines of "we aren't going to worry about security until after we get it all up and working first" from one of the people running the program. I sure wish I had bookmarked it because it is the kind of thing that is too stupid to believe.
Maybe you're thinking about this [foxnews.com]: "Among the issues that concerned the government's own technical experts was that security testing could not be completed because the system was undergoing so many last-minute changes.
Re: (Score:2)
It's like that old saying:
You'll probably get fired for going Oracle.
Re:Yep. (Score:5, Insightful)
The difference is people voluntarily give data to these companies whereas you are forced to give information to Healthcare.gov. It would be the same as if the IRS was hacked.
Re: (Score:1)
Re: (Score:1)
> The difference is people voluntarily give data to these companies whereas you are forced to give information to Healthcare.gov. It would be the same as if the IRS was hacked.
Well, you aren't forced to! You could just not have healthcare, be financially penalized for not having healthcare, and then die prematurely.
Plus, like all of the academic, financial, security, and IT institutions, the government is really sorry that your personal identity was compromised, but it was an accident OK? So let's not get too upset... they are doing the best that they can! (The hackers are just doing better!)
Plus, I am sure that they will give you one whole free year of credit monitoring to ma
Re: (Score:2)
> The difference is people voluntarily give data to these companies whereas you are forced to give information to Healthcare.gov. It would be the same as if the IRS was hacked.
> Well, you aren't forced to! You could just not have healthcare, be financially penalized for not having healthcare, and then die prematurely.
Actually, the financial penalty is for not paying a private company for an insurance policy. It doesn't matter if you receive health care or not.
Re: (Score:2)
And if you don't pay the penalty?
Re: (Score:2)
> The difference is people voluntarily give data to these companies whereas you are forced to give information to Healthcare.gov.
So?
Consumer choice makes a difference where the consumer could have avoided the problem if they had had a choice. But that's not the case here. How secure the back-office systems of a company are is almost completely opaque to a consumer, so they cannot make an informed choice, and the institutions being hacked are banks, credit checking agencies, health insurance companies, security companies - you can't realistically avoid doing business with them.
Re: (Score:2)
Wow, a completely factually incorrect complaint about "Obamacare." Modded up as Insightful as well, how surprising.
There are absolutely no requirements to use any of the exchanges in the ACA. The exchanges are provided as a convenience. You are perfectly free to get your healthcare through your employer if you want. Or, you can
Re: (Score:3)
Modern life requires interaction with big careless corporations.
Sure, but mostly you don't have to interact with a particular corporation. You need to buy groceries, but if you don't like one grocery store, you can shop at another. It is much harder to do that with governments.
Re: (Score:3)
Most of the things you complain about are due to regulations. An airline would be happy to sell you a ticket for cash. A bank would be happy to open a numbered account. As for rentals of course the owner wants to see evidence you are a trustworthy person.
Re: (Score:1)
Re:Yep. (Score:4, Insightful)
Federal government isn't spending your money either. Federal government is not revenue constrained.
"Taxes for revenue is obsolete."
Re: (Score:2)
Re:Yep. (Score:4, Insightful)
> Yes I'm sure this has never happened to a private company or multiple major financial institutions [theinquirer.net], or academic institutions [abc7news.com], or security companies [arstechnica.com] or IT companies [time.com].
Major financial institutions, academic institutions, security companies, and IT companies don't force us under penalty of law to use their wares and put our personal confidential information at risk. Furthermore, few if any of them have managed to create something of such colossal expense, enormous failure, corruption, and risk we see now.
Re: (Score:2)
Obamamancer.
Re: (Score:2, Insightful)
> Yep. The country's in the very best of hands.
Damn straight, this is Obama's fault.
Some low level govt. employee accidentally connected a computer to the Internet and exposed it to malware. If that isn't the reason to impeach Obama then I don't know what is.
Re: (Score:2)
Re:Yep. (Score:4, Funny)
> Please tell me your comment is snark.
No sir. I am dead serious! Obama is incompetent. Take for example this business with Putin and ISIS and Taliban. It is getting out of control. Not because these are hard problems, but because Obama is a pussy. He wants to keep thinking about it. As GWB would say, time for thinking is over. It's time to kick some ass. If you have seen the Rambo series of movies, you'd know what I am talking about.
Man, I hope to God Chuck Norris runs for president and wins. I'd like to see the expression on Putin's face when that happens.
Re: (Score:2)
> Please tell me your comment is snark.
> No sir. I am dead serious! Obama is incompetent. Take for example this business with Putin and ISIS and Taliban. It is getting out of control. Not because these are hard problems, but because Obama is a pussy. He wants to keep thinking about it. As GWB would say, time for thinking is over. It's time to kick some ass. If you have seen the Rambo series of movies, you'd know what I am talking about.
> Man, I hope to God Chuck Norris runs for president and wins. I'd like to see the expression on Putin's face when that happens.
Why is the parent modded as funny?
I mean, the post is funny, but I think he was also serious! It should be "insightful!!!"
Even if you voted for Obama twice, you have got to admit (by now) that he does do a lot more thinking and talking than taking action.
Of course, with politicians, less action is often preferable!
Re: Yep. (Score:4, Funny)
I'm with linuxguy on this one - what good are nuclear weapons if you don't show people what they can do from time to time? In the 50s we had bomb shelters and duck and cover drills... now we are soft. Sitting on the sidelines applying gentle pressure isn't the American we love - Obama needs to make Mad Max happen NOW.
Re: (Score:2)
Re: (Score:2, Insightful)
> Yep. The country's in the very best of hands.
> Damn straight, this is Obama's fault.
> Some low level govt. employee accidentally connected a computer to the Internet and exposed it to malware. If that isn't the reason to impeach Obama then I don't know what is.
Fox News reports that 8 out of 10 Republicans believe this unbelievably incompetent security breach has replaced BENGHAZI! as the worst thing that ever happened in American History.
The other two are too busy trying to find a loophole in Ted Cruz's ability to run for president. They think it will work out if we declare war on Canada.
Re:Yep. (Score:5, Insightful)
Confession: I just actually RTFA. Don't ban me.
Evidence the attack hadn't proceeded? That the 'attack tools' were sitting there, waiting for the command.
So someone broke in and left a bunch of 'hacker tools' laying around a directory and listening on a port as a service?
Wouldn't the last step of a successful attack be to clean up all traces, run defrag then perhaps install a fresh copy of BO? Just in case someone changes the password before you come back.
How would you know the difference between a successful raid and an aborted one? Could you give a quick answer? If you needed to search logs to even start answering but the PHB was breathing down your neck what would you say? What other servers would you even start on? What OSs are they using? What skeletons have they already hidden? Database? Read only? Did anybody 'SELECT * FROM *' lately?
Just how good can the logging/intrusion detection be? They let a local login loose.
Re: (Score:2, Interesting)
The country's in the very best of hands.
This is the very first time a computer has ever been hacked! What the hell is going on! I mean, I thought computers were completely safe and secure, and now look. It only figures our goddamned Government would be where this would start.
The only cure is the invisible hand of the free market.
Never been compromised, and never will be. For the free marketeers' strengths are as the strength of ten men each, because their hearts are pure, above reproach, and never - mind you, NEVER to fail.
See, I can sp
Definition of "Lie"? (Score:1, Flamebait)
Because there is some wiggle-room in the interpretation of the law, it appears he thought, or hoped, it was possible to tweak the enforcement or application of the law enough so that most people could keep similar services or doctors.
Being overly optimistic is not quite the same as "lying". Bad judgement, yes!
P.S. Mitt told some whoppers also. Honest politicians are a rare breed; I suspect the system weeds out the honest ones.
Re: (Score:2)
I only wonder what we call lies about the lie? Is that like... somehow a lie multiplier?
Re: (Score:2)
Meta-lie?
Re: (Score:2)
"Misstatement of the Year" is not as headline grabby.
Re: (Score:3)
Re: (Score:1)
Failing to reach a goal is NOT a "lie", by most accounts. It's failing to reach a stated and/or promised goal.
There are different ways to screw up and I am not letting O off the hook in general for screwing that up. But I am bothered by its classification as a "lie" (without having more specific info), being a persnickety nerd about certain things.
Of course not! (Score:3, Funny)
"the malware didn't manage to steal anyone's data, federal officials say."
Mostly because at the time, no one had yet been able to successfully complete the sign up process.
Re: (Score:2)
Have they yet?
naked health care (Score:2)
So close (Score:1)
Re:So close (Score:4, Insightful)
Why do people who do not like the idea of the government collecting and storing personal data (under threat of law in most cases) that until recently was private and confidential on servers accessible by the internet have to be trolls for the Koch brothers?
And why would that be bad?
Here is the problem that maybe you simply do not get. Storing all your information on the internet is not a good thing. We have fought tooth and nail forever trying to get people to understand that and now the government decides it is best practice. So yes, completely make fools of fools might very well be warranted here. Maybe then it would cause people like you to wake up.
Re: (Score:2)
Jesus wept, will people never learn? (Score:5, Insightful)
How, in this day and age, does this kind of stupid shit keep happening? How are network admins not creating L2 & L3 separations in the network, with internal firewalls and IDS? How are operations engineers not building local firewalls on machines, and locking down through security policies?
This isn't 1994 any more people. Hand crafted individual artisanal servers, personally wrapped in cotton wool and hand reared by the friendly neckbeard, are not how things should be done at scale in this day and age.
Re: (Score:3)
I'm stealing the 'Hand crafted individual artisanal servers...' line. Where did you steal it from?
Re: (Score:2)
The network admins will have all of that. But they'll be a shared resource covering thousands of ports across hundreds of services. And if you raise a request saying that I need on the internet accessible network, chances are, you'll get it. Because of how we structure our SLAs, performance reviews and outsourcing contracts, more often than not, the job of the network admin (or server admin, or proxy admin, etc.) is to carry out the instructions in the ticket. If an approved ticket requests something, the
Re: (Score:2)
Easy, because one of 3 things:
1. It is too expensive and no one wants to budget for it.
2. I.T. is severely understaffed and forced to work in reactive mode, not proactive mode.
3. They have the security in place, but it is so complex and covering such a large architecture, it is not well-monitored nor maintained for fear of breaking something.
This being the US federal government, there are probably about 100 different contracted companies for all the various parts of and pieces, with no federal IT employees
Re: (Score:1)
> How, in this day and age, does this kind of stupid shit keep happening? How are network admins not creating L2 & L3 separations in the network, with internal firewalls and IDS? How are operations engineers not building local firewalls on machines, and locking down through security policies? ...
They did not hire anyone who could do that sort of thing, obviously.
Whose data again? (Score:4, Insightful)
FTFA: "Our review indicates that the server did not contain consumer personal information..."
So we're consumers to government services now?
It was bad enough when the corporations changed from using customers to consumers, but no way in hell should the government use that term in reference to its citizens.
Re: (Score:3)
They exceeded 51% net beneficiaries a while ago. It's all bigger and bigger 'bread and circuses' from here on. Amazing government efficiency or hidden costs?
So that brings the successful login count to.... (Score:5, Funny)
exactly one :-D
Re:So that brings the successful login count to... (Score:4, Interesting)
"Yes - it's a big failure" - Yes, that much we can certainly agree on. Here is a little news flashback for you (I intentionally did not choose a story from Fox News or similar Right-leaning news source) : http://www.huffingtonpost.com/... [huffingtonpost.com]
Not surprisingly, the administration has quietly stopped releasing signup numbers, despite a promise to do so in the article above: http://hotair.com/archives/201... [hotair.com]
The Obama administration continues to play fast and loose with the term "enrollment" and still refuses to tell the public how many people have actually paid for an insurance plan via the Obamacare website.
I'm not suggesting that people should "die" when they get sick. Far from it. I believe that Americans should get the best medical care available.
What I am suggesting is that the implementation of the Affordable Care Act has been a colossal bungle, the likes of which the free world has never seen.
Re: So that brings the successful login count to.. (Score:1)
Re: (Score:3)
I deliberately chose to post from a left wing site (Huffington) and a right wing site (as you noted, Hot Air). Both articles reach the same conclusion. A fact that you seemingly have failed to grasp. Are you disputing the collective conclusions or are you just pissed off that things didn't work out the way you wanted them to?
Re: So that brings the successful login count to. (Score:1)
Re: (Score:2)
No hard feelings. We just have a different point of view. I hope that the ACA works out in the end. I really do. All governments must seem to have a poor track record when it comes to this sort of thing. Time will tell. Cheers.
Re: (Score:2)
The signups have been tracked by one guy - current total is some 9m. Check out http://acasignups.net/ [acasignups.net]
After the startup glitches (your HuffPo link was from last year, and is well out of date) the site seems to be functioning OK.
Re: (Score:2)
Umm...it was a joke dude. Obviously more than one person has been able to sign up. Thanks for playing though.
Re: (Score:2)
> After the startup glitches (your HuffPo link was from last year, and is well out of date) the site seems to be functioning OK.
Except for this security breach, right?
Re: So that brings the successful login count to.. (Score:1)
Re: (Score:2)
I would suggest you check out dailykos.com for better information about how the ACA has actually saved lives.
Do you realize that healthcare actually was working for the vast majority of people? ACA has not really been around long enough to determine if it saved lives. And will you count people that die because their previous insurance was lost because of ACA the fault of ACA or the fault of the private insurance?
I have a feeling that in your mind, anything good regarding ACA is to the credit of government and anything bad is the fault of the businesses or republicans. That's a nice, sheltered world to live in.
Re: (Score:2)
Please, keep talking, I find your unabashed partisanship amusing.
A pox on both Ds and Rs (Score:2)
Because of course, every sick person died before the Democrat party came along, right?
I'm sorry, but you Democrat partisans can go hang out in the same hell as the Republican partisans - just leave us freedom loving folk *alone*. Stop trying to tell us who we can and can't marry, how many rounds of ammo we can have in one clip, what dirty words aren't allowed on TV, or how much insurance we have to buy.
Frankly, the best option we have is to never give a party more than one term in office - keep swapping th
Remember "we don't need security?" (Score:3)
> It was never supposed to be connected to the Internet — but someone had accidentally connected it anyway.
This is where "we don't need security because the machines will never be connected to the internet" falls apart.
so (Score:4, Insightful)
healthcare.gov was better protected than sony? homedepot? target?
Not too bad.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
these are from the government officials who answer to people who were telling us a few years ago that the VA was the model of ideal healthcare delivery
The problem with the VA is that it had to handle a large influx of veterans returning from Iraq and Afghanistan, and there was no corresponding influx of resources to handle them. I don't know if the VA model was 'ideal' or not, but any system will hit the wall at some point if you keep increasing the load factor and never increase its resources.
Re: (Score:2)
Only 2 problems with your claims,
1) The VA has received one of the largest increases in funding of all government departments and it's been a bipartisan effort to increase available funds for a while now. Their 2003 budget was $50 billion; the 2015 budget is $170 billion and that increase was not all at once but continually over those 12 years.
2) In that same time period patient case loads have only increased about 30% and the majority of those cases are not vets from Iraq and Afghanistan but older vets.
Re: (Score:2)
So, explain to me again why I should believe this Administration official when they claim that no private personal information was stolen during this breach? Bear in mind that this official answers to the same people as the IRS officials who claimed that Lois Lerner's emails had been lost due to a hard drive crash, only to admit
Didn't steal anyone's data? (Score:1)
LOL does anyone believe this? Do you remember security people warning just exactly how easy it was to infiltrate and get the data? It was even done as proof of concept.
Believe me someone has gotten in and stolen something.
Re: (Score:1)
Re: (Score:3)
Exactly. The original breach was said to have occurred on July 8th. Despite "daily reviews" by the security team it went undetected until August 25th. That's what....6 weeks? I'm envisioning some sort of Falcon and the Snowman atmosphere with paper shredder margaritas for all.
Naturally, the administration is playing this whole thing down as "run-of-the-mill, low-level hacker stuff". Uh huh. Then why did it take 6 fucking weeks to find it? "It wasn't even designed to steal patient data", they claim. And what
Re: (Score:1)
Yep and the nude hacker story, the news keeps talking about the "poor celebs" who got violated, the real story is a script kiddie hacked Apple's iCloud, that's the story.
I wonder how much Apple is paying them not to talk about it.
Mod naive (Score:2)
Most naive headline evar.
The news isn't that someone broke in. They've been in since before it went live. The news is that someone noticed.
Re: (Score:2)
Actually, the NEWS is that it was reported. We all knew this site was messed up functionally as well as insecure as a bare NT box running IIS from 1995.
Re: (Score:2)
> Actually, the NEWS is that it was reported. We all knew this site was messed up functionally as well as insecure as a bare NT box running IIS from 1995.
Wait a sec. What are you implying about my company's servers?
The wrong side of problem problem. (Score:1)
I find that when tackling a problem, it's often much more effective to tackle the correct side of it. For example: when a vessel is leaking, putting a plug in the side with LOWER pressure is far less effective than, if it can be done, putting the plug in the side with HIGHER pressure. Prosecuting people who manufacture, transport, distribute, and SELL drugs is infinitely less effective than prosecuting the people who USE them (and yes, I'm getting to my point here, in a second,) and the fact that in the U
Re: (Score:2)
I started reading that rant thinking.. OK, they are nuts for sure... BUT
I think you are on to something here. Now I don't agree with your examples for drug use, nor do I think we should just go after users, traffickers should be targets of prosecutions too, your ideas on personal ID have merit.
Actually, this is the kind of thing the credit watching companies do but I like your idea of making it a legal responsibility of the credit issuer to prove they are dealing with the person in question or be unable
Great job for the new CTO to fix! (Score:3)
Give the job of fixing this to the newly minted Federal Government CTO announced on SlashDot just today! http://en.wikipedia.org/wiki/M... [wikipedia.org]
Oh wait, problem, that's not her job, that falls under the Secretary of Health and Human Services control... Washington DC is broken, very broken...
Hackers broke into HealthCare.gov? (Score:3)
In most cases you'd expect hackers to hack in and break the site, in this case they probably felt obligated to fix it knowing that that would annoy far more people than taking it off-line :)
Conclusion based on malware found = fail (Score:1)
Any conclusion based on malware found is ridiculous. You are basing a conclusion on false pretense and incomplete information.
A real investigator concludes loss of data or other impact based on actual evidence to show those effects. The presence or non-presence of malware is not evidence of such activity. Its only evidence of that malware.
Also, malware does not "slip" around. That is a patently false statement, proving the ongoing poor comprehension of what computer security is all about, and an attempt to
They only had a billion dollars to spend. (Score:2)
Let me guess: Windows (Score:1)
No doubt it was a Windows machine, and the poor bastard who hooked it up to the internet probably used Internet Exploder 7.
From someone who *was* in healthcare IT (Score:2)
Re: (Score:1)
Better hands than GW Bush (Score:1)
Nowhere in the comments above you does anyone blame Obama for this. Your pre-emptive overreaction betrays you.
Re: (Score:1)
Re:Better hands than GW Bush (Score:4, Informative)
TFA is on CNN, not on Fox.
Nowhere in the article there's any blame addressed to Obama.
I think maybe you're seeing things brother..
Re: (Score:2)
You certainly sound like you eat drink and poop Fox News.
Sounds like you watch Fox News therefore I don't have to consider anything you say. QED. Plus, I'll rant like a loon for a while and strengthen my argument!
Re: (Score:2)
Re: (Score:2)
Ran for delegate to the 2012 DNC and won - went to Charlotte, NC and worked on both campaigns - 2008 and 2012. Are we clear?
Well, we're clear that you have poor judgment.
Re: (Score:2)
No I do not. But all the "statements" made by the commenter could have been lifted from Fox News. ....
So you don't watch Fox News but know that all the comments could have been lifted from them? I guess you must have seen snippets posted on sites you read and assume that the editorial part of Fox News is the news part - the same editorial parts that CNN and MSNBC have but leaning the other way.
Democrat. Always was one and always will be one.
Ah - well I'm glad you admit to have an open mind. Sounds like the Democrats don't really have to do anything to win your vote - which is probably why they don't really care what they do on the privacy or war fronts.
Re: (Score:2)
There are times in life when you need to admit " I'm just digging this hole further down", and let it go.
That time for you, in this argument, is now.
However, I know you won't.
Re: (Score:2)
Has /. Been hacked by right wing crazies? I thought nerds were too smart to believe Fox News. And yet it's always Obama's fault. Yeah, I am sure he personally patched in the server by mistake. #EverythingThatGoesWrongCanBeBlamedOnObama
These days, all you have to do is post something they can echo chamber about, and they will descend like locusts.
Try posting a story about 9 year old girls don't have the right to kill gun range officers with an automatic pistol and see what happens.
They'll have their caps lock and loaded - ready to rumble.
Re: (Score:3)
We don't know either. It's media speak for some arbitrary subset of data about someone that some administration mouthpiece has fed the stenographe^Hreporters after consulting with some government lawyer somewhere.
Sorry. Can't help you.
Re: (Score:2)
"consumer personal information"
Contrary to popular belief, Obamacare doesn't actually provide healthcare, they are an intermediate between a person and an insurance company that provides a level of coverage for health care.
The fact that many are forced by law to use the PPACA website shouldn't detract from the fact that people are actually consuming the insurance product (although at the end of a gun). So people who purchased insurance or consumed products from the website is what they are talking about.