The Centers for Medicare & Medicaid Services (CMS) reported 316 security-related incidents between October 2013 and March 2015 affecting Healthcare.gov—the web portal for the federal health insurance marketplace—and its supporting systems. According to GAO’s review of CMS records for this period, the majority of these incidents involved such things as electronic probing of CMS systems by potential attackers, which did not lead to compromise of any systems, or the physical or electronic mailing of sensitive information to an incorrect recipient. None of the incidents included evidence that an outside attacker had successfully compromised sensitive data, such as personally identifiable information.
However, GAO identified weaknesses in technical controls protecting the data flowing through the data hub. GAO also identified additional weaknesses in technical controls that could place sensitive information at risk of unauthorized disclosure, modification, or loss.
Federal Times: Poor controls leave Healthcare.gov, state exchanges vulnerable