Suppose there was a company that deliberately designed a website with big enough holes in security that you could drive a semi through them. Further suppose that the company then launched a billion-dollar ad blitz luring customers to that site. The CEO of the company went on national TV touting the benefits of the website and urged people to use it.
Later, when the security flaws were exposed by identity thieves and hackers who proceeded to steal the personal information of users, wouldn’t that company be liable for any losses suffered by consumers? Perhaps some enterprising prosecutor could even charge principles in the company with criminal facilitation, given the deliberate design flaws that resulted in the security breach.
Yes, we’re talking about HealthCare.gov and the jaw-dropping evidence that has come to light that the website was constructed without security being built into it.
“When you develop a website, you develop it with security in mind. And it doesn’t appear to have happened this time,” said David Kennedy, a so-called “white hat” hacker who tests online security by breaching websites. He testified on Capitol Hill about the flaws of HealthCare.gov last week.
“It’s really hard to go back and fix the security around it because security wasn’t built into it,” said Kennedy, chief executive of TrustedSec. “We’re talking multiple months to over a year to at least address some of the critical-to-high exposures on the website itself.”
Even more incredibly, not only is the administration denying there’s much of a problem, the president himself is leading the effort to lure the marks right into the tender clutches of the thieves and hackers circling the website like vultures as this is being written:
Now that the website is working for the vast majority of people, we need to make sure that folks refocus on what’s at stake here, which is the capacity for you or your families to be able to have the security of decent health insurance at a reasonable cost through choice and competition on this marketplace and tax credits that you may be eligible for that can save you hundreds of dollars in premium costs every month, potentially.
So we just need people to — now that we are getting the technology fixed — we need you to go back, take a look at what’s actually going on, because it can make a difference in your lives and the lives of your families. And maybe it won’t make a difference right now if you’re feeling healthy, but I promise you, if somebody in your family — heaven forbid — gets sick, you’ll see the difference. And it will make all the difference for you and your families.
The hackers can read too. You’ve got to assume they’ve been perusing the same stuff we’ve been reading about the “limitless” security problems with HealthCare.gov. How long do you think it will be before we have our first major hack of the website? Or one of the state exchanges?
And do you think the administration will inform us if one occurs?