Yet another Problem Faces Rollout of Online Health Exchanges: Data Hubs Keeping Personal Info Private and Safe from Hackers
It’s not exactly news that logging onto the Patient Protection and Affordable Care Act (Obamacare) site has been a problem. Once logged on, there could be another problem waiting in the weeds in the form of the data hub, a tool for routing a health exchange applicant’s information to relevant government agencies including the IRS, the Department of Homeland Security and the Social Security Administration.
Rep Kevin Brady (R-Texas), who it should be noted has been a staunch opponent of Obamacare, called the data hub “a hacker’s dream.” Politics aside, earlier this year, according to Matthew J. Schwartz on informationweek.com, the Government Accounting Office reported that IT security holes in IRS networks were putting taxpayers’ data at risk.
CMS administrator Marilyn Tavenner pointed out the hub only routes information for vetting applications. It doesn’t store or retain the data.
While there are concerns about how the federal government will protect user information, other concerns have been voiced about how individual states will deal with users’ personal data. Government technology journalist Alex Howard singled out states as a potential weak point in the health exchange ecosystem. Schwartz quotes Howard as saying, “My sense is that people are very nervous [about the potential for exploitable vulnerabilities — and hack attacks — against one or more of the exchanges being operated.”
In a personal commentary Schwartz sums up his own view. “(W)hat if a group such as the Syrian Electronic Army managed to find and exploit some unforeseen vulnerability? Then again, this isn’t the first foray by the IRS, CMS, DHS, SSA and other agencies into handling people’s personal information. Furthermore, should any one exchange suffer a hack attack, the data hub routing and multi-state exchange model means that it’s extremely unlikely that the whole system would come crashing down.”
ThreatMetrix secures Web transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. The ThreatMetrix Global Trust Intelligence Network, which analyzes 500 million monthly transactions, provides context-based authentication and Web fraud prevention to help companies accelerate revenue, reduce costs and eliminate friction. ThreatMetrix protects more than 1,900 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.