ObamaCare Security May Curb Sign-Ups

November 29, 2013 at 8:02 AM

In what could be the biggest handicap to getting people to sign up for ObamaCare, the public is over whelmingly concerned about the security of the information compiled by the health care exchange.

The latest IBD/TIPP Poll finds that 78% say Americans should be worried about the security of the ObamaCare exchange website, and 53% say they should be "very concerned." This view was shared across parties, with 69% of Democrats saying security concerns are warranted.

More worrisome for the law's success, 82% of those aged 18-24 say concern is justified. These are among the people ObamaCare most desperately needs to enroll to keep overall premiums from spiraling out of control.

Fears about ObamaCare websites could help explain why enrollment is well below forecast at both the federal and state-run exchanges. They also could deter sign-ups even as the online exchanges become easier to use.

Exchanges collect piles of highly sensitive confidential information that identity thieves desire, including income, birth dates and Social Security numbers.

The public's security fears have been stoked by a raft of stories and reports suggesting that the exchange websites aren't nearly as secure as they should be.

Security Experts Warn

At a recent congressional hearing, security experts warned about ongoing security risks at the Healthcare.gov site.

Morgan Wright, CEO of Crowd Sourced Investigations, told lawmakers that Healthcare.gov had more than 500 million lines of code — more than 20 times as much as Facebook (FB) and nearly 10 times as much as Microsoft (MSFT) Windows 8 — and that this complexity made it ripe for hackers.

Wright also warned that there was no "clearly defined and qualified security lead" at the site, which he said was "inconsistent with accepted practices.

TrustedSec CEO David Kennedy added that "basic security was not built into the Healthcare.gov website," and no formal testing was done. As a result, he said, the site faced a "critical risk for unauthorized access.

When asked at the hearing whether the site should be shut down until it's secure, three of the four experts said "yes.

While the administration consistently downplays these risks, there were warnings prior to the launch about security woes.

A Health & Human Services Department inspector general audit, released in August, warned that the government was way behind schedule in building and testing security features and that "several critical tasks remain to be completed in a short period of time." A Sept. 3 internal memo that was recently unearthed warned that the "threat and risk potential is limitless.

In addition to threats from hackers, personal information appears to be at risk from basic ineptitude, both at the federal and state-run exchanges.

Early this month, the Heritage Foundation reported that when Justin Hadley of North Carolina logged into the federal exchange website, he found personal information on two other people.

Vermont confirmed a security breach after a consumer got a copy of his own application in the mail from a hacker, with a note warning that "Vermont Health Connect is not a secure website!

And in Oregon, Valarie Henderson got a package from Cover Oregon that included not only her mailed-in application, but other applications as well, which included their Social Security numbers, incomes and birth dates.