Tag: It Figures

It Figures… Expert Says Healthcare.gov Security Risks Even Worse After ‘Fix’

Expert: Healthcare.gov Security Risks Even Worse After ‘Fix’ – Washington Free Beacon

The Obamacare insurance marketplace is even more vulnerable to security breaches since the administration “fixed” Healthcare.gov, according to a cyber security expert.


Health and Human Services (HHS) released a progress report on Sunday following its self-imposed Nov. 30 deadline to repair the website, saying that the “team has knocked more than 400 bug fixes and software improvements off the punch list.”

The administration said that the “site capacity is stable at its intended level,” though the site continued to crash on Monday.

The eight-page report made no mention of the website’s numerous security flaws, which experts say put Americans’ personal information at risk.

“It doesn’t appear that any security fixes were done at all,” David Kennedy, CEO of the online security firm TrustedSec, told the Washington Free Beacon.

Kennedy said fundamental safeguards missing from Healthcare.gov that were identified by his company more than a month ago have yet to be put in place.

“There are a number of security concerns already with the website, and that’s without even actually hacking the site, that’s just a purely passive analysis of [it],” he said. “We found a number of critical exposures that were around sensitive information, the ability to hack into the site, things like that. We reported those issues and none of those appear to have been addressed at all.”

After warning Americans when testifying before Congress on Nov. 19 to stay away from Healthcare.gov, Kennedy now says the situation is even worse.

“They said they implemented over 400 bug fixes,” he said. “When you recode the application to fix these 400 bugs – they were rushing this out of the door to get the site at least so it can work a little bit – you’re introducing more security flaws as you go along with it because you don’t even check that code.”

“I’m a little bit more skeptical now, and I would still definitely advise individuals to not use the website because it’s definitely something that I don’t believe is secure and neither did the four individuals that testified in front of Congress,” Kennedy said. “I think there’s some major security concerns there around privacy and information, and they haven’t even come close to being addressed, and won’t be in the short term.”

Security exposures are not limited to the federal health exchange, but the 14 state marketplace websites as well. A breach has already been cited in Vermont, where a user was given access to another’s Social Security Number.

“That’s a whole other front of hacking,” Kennedy said. “That’s what’s actually going to contain all the sensitive information for residents in those states.”

“States are required to notify in the event of a breach, the federal government is not,” he added. “So in the event that Healthcare.gov gets compromised and all their information gets taken out of it they don’t have to notify anybody.”

Kennedy said the team working on Healthcare.gov is more likely to hide its security flaws than address them. When it was revealed that the most popular searches on the website were hack attempts – confirmed by entering a semicolon in the search bar – the website simply removed the tool.

“The top results were hacker attempts,” Kennedy said. “Their fix for it wasn’t, ‘Hey let’s restrict people from inputting malicious code into the website,’ – because that’s how hackers break into websites – it was, ‘we’re just going to completely disable that entire function completely, and not even show the search results back.’”

CMS did not respond to requests for comment.

Click HERE For Rest Of Story


Related video:



It Figures… The ObamaCare Paper Application Doesn’t Work Either (Audio)

ObamaCare Method #4: The Paper Application Doesn’t Work, Either – Daily Caller

Strike four?


Regular readers of this space will know I have been chronicling the failures of the “4 ways to get marketplace coverage.” For example, in addition to the website (which is broken), we have documented that the 1-800 number doesn’t work – and that the “navigators” also can’t sign you up (without a working Healthcare.gov website).

As you might have guessed, an investigation into the fourth option, mail, was in order. And to continue the sports metaphor, they’re now 0-for-4.

Try filing out this application. Really. I’ll wait. You’re going to burn a lot of calories in the process. And here’s the funny part: Even though you can begin the process now via mail, you won’t be able to actually sign up for a plan without a working website or 1-800 number. But I’m getting ahead of myself.

You’d probably have to be an accountant to understand the application. But even after completing the pages and pages of questions, the process is only just beginning. The application only tells them if you’re eligible.

See “step 6″ of the instructions (and note the highlighted part) below, which reads: “You’ll get information on how to enroll in a plan (if you’re eligible) when you get your eligibility results.”


After completing the sixth step on the application – and sending it in (and assuming it arrives), you will next be contacted with eligibility results.

And assuming you are, in fact, eligible, you’ll still have to go to Healthcare.gov or call the 1-800 number to select that plan. (As the healthcare.gov website says: “Once you get your eligibility notice, you can either go online to compare, choose, and enroll in a plan or contact our call center.)

Go online? What’s the point of the mail alternative as a website workaround if you still have to go online??

To confirm this is actually the process, Dave Petno, a healthcare guru who has been helping us document the system’s challenges, called the 1-800 number and talked to a supervisor about the paper application.

Listen to his conversation with the supervisor – and read the transcript below. I think you’ll see that a). this is a byzantine process, and b). it is clear that the three “alternate” ways to sign up for ObamaCare are actually all contingent on having a working website:

……………………Click on image above to listen to audio.


Dave: After step six, it says “mail it in,” and then it says “Next steps: you’ll get information on how to enroll in a plan, if you’re eligible, when you get your eligibility results.” So what does that mean?

Supervisor: It means that after the marketplace reviews your application, you’ll be notified about which programs or lower (inaudible 0:20) that you may qualify for and how to compare plans and enroll in a plan.

Dave: So are you saying they’ll be sending me quotes through the mail or…how’s that going to work?

Supervisor: No, you’ll probably either, however you choose to be notified of the information in the application that actually gives you that way…either you’re going to receive it by email or if you want it to be sent by paper…that general information will be sent to you. Or you can contact us and find out what the status of your application is, and if we have the information available at that point in time, we’d be able to provide you with the information about what you had qualified for.

Dave: And to feed that back to you, when I get the eligibility notice, however I get it, what do I do next?

Supervisor: The information is that once you receive that notice, it actually has information about giving us a call, which is (inaudible 1:16) to compare plans and do all that or you’re able to actually go online and create a (inaudible 1:20) account to send the information that way.

Dave: So if I call you back with this paper notice, you’re going to take my information…and then what are you going to do with it?

Supervisor: We should be able to assist you with not only providing you or notifying you about the program that you qualify for, but also allow you to or assist you with comparing the plans and enrolling with the plan of your choice.

Dave: Are you going to be using healthcare.gov to take my information at that time? Are you plugging me into healthcare.gov?

Supervisor: We are going to be using the information because that whole plan comparison and everything like that is on healthcare.gov, so whether you apply through healthcare.gov or use a paper application, we’re still able to assist you.

Dave: Okay, but either way, we go back through healthcare.gov, is that right?

Supervisor: Correct, that’s where the plans are available at.

Dave: So once I call you back with my eligibility file or plug it in, then it tells me my options and how to actually get insurance, is that right?

Supervisor: You mean on the healthcare.gov site after you’ve received the eligibility results?

Dave: Yes.

Supervisor: Right, you’re able to compare and select a plan there, or you’re able to give us a call, and we’re able to assist you (inaudible 2:44).

Dave: Okay, and then once I select a plan, do I give you my credit card number or put it into healthcare.gov?

Supervisor: No, it’s not. We don’t do any type of payments over the phone. That is made directly with the plan.

Dave: Okay. And how does that happen?

Supervisor: You would contact the plan or the plan would give you a call in regards to the application that you filed with them.

Dave: Okay, and then I validate what plan it is that I want and then I pay them somehow?

Supervisor: Correct, yes sir.

Dave: And then I would have coverage starting….what’s the earliest date coverage is?

Supervisor: January 1st.

Dave: Okay. Alright, I appreciate it. You’ve cleared it up for me. Thank you so much.

Click HERE For Rest Of Story


Related audio:



It Figures. Ex-Con And Child Sexual Predator Wants To Fill Jesse Jackson Jr.’s Seat

It Figures. Ex-Con And Child Sexual Predator Wants To Fill Jesse Jackson Jr.’s Seat – Gateway Pundit

And, no doubt, Democrats will vote him right back into office.

Former Representative and child sexual predator Mel Reynolds wants to run for Jesse Jackson Jr’s seat in Congress.

He told reporters today, “Nobody’s perfect.”

The Chicago Tribune reported:

Disgraced former U.S. Rep. Mel Reynolds said he will ask voters to focus on his congressional experience rather than his state and federal criminal record as he announced his bid today for the seat held by Jesse Jackson Jr., who has resigned.

At a downtown hotel news conference, Reynolds acknowledged having made “mistakes” in the past. For his campaign, he will try to assume the mantle of an incumbent while also seeking redemption from voters. Red and white campaign signs urged voters to “re-elect” Reynolds “so he can finish the work” while another stark red sign with white letters said simply: “Redemption.”

Reynolds held the 2nd Congressional District seat from 1993 until October 1995, when a Cook County jury convicted him of several sex-related charges, including having sex with an underage volunteer campaign worker. While serving time in state prison, Reynolds also was convicted on federal financial and campaign fraud charges. President Bill Clinton commuted Reynolds’ sentence to time served in 2001.

Click HERE For Rest Of Story