No personal information was accessed when a hacker broke into HealthCare.gov earlier this summer, but malicious code was installed in the system, according to The Wall Street Journal. The code would have been used to conduct denial-of-service attacks on other sites in the future.
Federal health officials say it's the first time anyone has successfully broken into the government health insurance portal, and that the exchange system was "not specifically targeted."
But it does suggest that personal information stored in the system could be accessible to determined hackers, especially since this breach was not the result of a specific attempt to hit HealthCare.gov.
As the Journal notes, the system "stores deeply personal details on Americans, including Social Security numbers, financial data and names of family members." Just because the information was left undisturbed this time around doesn't mean the risk doesn't exist.
The federal government has been warned in the past about potential vulnerabilities to the system. A memo written by a senior federal health official dated September of last year found multiple issues it described as "high risk" and also said that "the threat and risk potential (to the system) is limitless." Henry Chao, the Medicare tech official who oversaw much of the federal exchange implementation process, claimed not to have seen the memo prior to launch.
The FBI recently warned that "malicious actors" were "targeting healthcare related systems," possibly with the intention of accessing personal information.
Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.