State-run healthcare websites aren't as secure as you'd think
A congressional investigation found security flaws in CA, KY and VT insurance portals.
Health insurance websites in California, Kentucky and Vermont apparently aren't as secure as they should be. According to the Associated Press, based on the vulnerabilities found by the Government Accountability Office, other states' health care websites could be just as ripe for intrusions. Without naming names, the GAO reported that one state didn't encrypt passwords, another didn't have the right type of encryption server-side and the last anonymous state failed to "properly use a filter to block hostile attempts" to visit its site.
The scary part is that some of the issues still exist, even though the GAO's examination concluded last March. Former Kentucky governor Steve Beshear says that no information was compromised and there were never any security breaches, however. The GAO says that Healthcare.gov isn't much better about security either, but, that like Kentucky, private data has not been lost or pilfered despite numerous "security incidents." Comforting!
It isn't all unsettling news though. From the sounds of it, the Golden State's Covered California site is trying its best to prevent intrusions and fix any new holes since the GAO's investigation concluded. There's a joke that could be made here about the government's attitude toward encryption given current events, but I'm going to let the comment section sort that one out.
