In what sense is a broken website “fixed” when it’s completely insecure?
Security consultant David Kennedy, who has testified before Congress about the flaws in Healthcare.gov that have made people’s information unsafe, revealed Monday he was able to gain access to the personal records of 70,000 Obamacare enrollees in four minutes.
“It looks like it’s continuing to get worse,” Kennedy said of the website’s security fiasco.
What’s more, it appears he used methods that are available to anyone:
We didn’t actually hack the website. This is basically from what we could find open on the Internet . . . If hackers actually target their efforts on Healthcare.gov, it’s disastrous what type of information they could actually find on the website.
Kennedy added that the very fact that the website is still so bad it crashed Monday suggests security issues must also be a problem.