MOSCOW, September 17 (RIA Novosti) - A US federal watchdog agency has pointed to significant loopholes in security and privacy protections that still plague HealthCare.gov, a health insurance website with a database of nearly 5 million people.
The Government Accountability Office (GAO) released highlights of its investigation Tuesday, saying, "Weaknesses remain both in the processes used for managing information security and privacy as well as the technical implementation of IT security controls."
HealthCare.gov is a government portal managed by the US Centers for Medicare & Medicaid Services (CMS). It has become a key element of US President Barack Obama's flagship Patient Protection and Affordable Care Act, dubbed Obamacare.
GAO admitted that CMS had "taken steps to protect the security and privacy of data processed and maintained by the complex set of systems and interconnections that support HealthCare.gov," but stressed that the agency running the website "had not always required or enforced strong password controls, adequately restricted access to the Internet, consistently implemented software patches and properly configured an administrative network."
In the report, congressional investigators presented six major recommendations for the Health and Human Services Department (HHS) to boost the website's security. They said the HHS had agreed with the three of proposals but "disagreed in part with GAO's assessment of the facts for three recommendations."
The report came in the wake of a massive hacking attack on HealthCare.gov earlier this summer, although no patient information was reportedly stolen. The only thing the hackers did was to install malware that could potentially target other webpages from the federal insurance website.