Preventative Treatment For Heartbleed On Healthcare.gov

← Back to Stories (view on slashdot.org)

Preventative Treatment For Heartbleed On Healthcare.gov

Posted by timothy on Saturday April 19, 2014 @01:59PM from the welcome-to-centralized-medicine-dot-gov dept.

As the San Francisco Chronicle reports, "People who have accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the confounding Heartbleed Internet security flaw." Take note, though; the article goes on to immediately point out this does not mean that the HealthCare.gov site has been compromised: "Senior administration officials said there is no indication that the HealthCare.gov site has been compromised and the action is being taken out of an abundance of caution. The government's Heartbleed review is ongoing, the officials said, and users of other websites may also be told to change their passwords in the coming days, including those with accounts on the popular WhiteHouse.gov petitions page." Also at The Verge

81 comments

Min score:

Reason:

Sort:

In Union of the Soviet Socialist States of Amerika by epyT-R · 2014-04-19 14:12 · Score: 1

we bleed hearts..
"no indication ... site has been compromised" by tlambert · 2014-04-19 14:20 · Score: 4, Funny

"no indication ... site has been compromised"
I believe them.
What possible motive would a hacker have for targeting a site containing social security, tax, medical, personal, and financial information?
I'm sure it's all perfectly secure.
Just in case, though, you should probably change your one-factor authentication token so that the next time your "keep me logged in" cookie expires, it's hard to remember.
1. Re:"no indication ... site has been compromised" by davidhoude · 2014-04-19 14:45 · Score: 5, Insightful
  
  Due to the fact that this exploit leaves no traces in server log files, we have concluded that there is no evidence of an attack on our servers.
2. Re:"no indication ... site has been compromised" by Anonymous Coward · 2014-04-19 14:59 · Score: 0
  
  Considering the US government created the Heartbleed exploit in order to spy on us, I doubt they would have left their own websites vulnerable.
3. Re:"no indication ... site has been compromised" by tlambert · 2014-04-19 15:06 · Score: 2
  
  If only it could have been prevented via a cheap, preventive program, instead of costing so much later! I know! We should lobby them to create a new agency, one tasked with the security of the nation, and when they knew about risks like this, why, they could step in and ensure that no one would unwittingly deploy vulnerable systems in the first place!
  Perhaps we could call them the Responsible Agency for Intelligently Securing the Interests of the Nation... R.A.I.S.I.N., for short... or National Organization Securing You... N.O.S.Y. for short... I'm still working on the name.
  We could even nominate someone to put in charge of making sure they are doing the job they are supposed to be doing, a kind of Special National Operations Watch Director Executive Nominee... Haven't decided what to call that one yet, either...
4. Re:"no indication ... site has been compromised" by laird · 2014-04-19 17:18 · Score: 2, Insightful
  
  The site doesn't have any medical information at all. That's one of the advantages of outlawing the "pre-existing condition" scam - you no longer have to tell insurers your medical history to buy insurance. And the web site only needs enough other information to verify your identity and income (for computing the subsidy you qualify for, if any). And since they don't collect any payments, they have no payment info (no credit card numbers, etc.) or any credit history.
  And on top of that, once the data is passed to the insurance company and accepted by them, the personal data is purged from the web site.
  So all you can get by hacking the site is the partial data from people who haven't completed the process yet. And that's mainly name, social security number, and claimed income. Which is much less information than anyone on the planet can buy about anyone in the US for a few dollars from any credit reporting service - for a few bucks, they'll sell your complete transaction history, credit ratings, income, debt, etc., - all much scarier than the minimal amount of info on the healthcare site.
  
  --
  Enable 3D printed prosthetics!
5. Re:"no indication ... site has been compromised" by Anonymous Coward · 2014-04-19 17:40 · Score: 0
  
  That's one of the advantages of outlawing the "pre-existing condition" scam
  Just because you don't like something doesn't make it a scam.
6. Re:"no indication ... site has been compromised" by Anonymous Coward · 2014-04-19 18:03 · Score: 0
  
  Most of the government projects I've worked on that deal with medical data are required to adhere to very strict infrastructure design limitations -- one of which is the use of a logging proxy for any DMZ servers, which captures and logs all (yes, all) tcp requests. Proper parsing of that log data would, in fact, reveal an exploitation attempt.
7. Re:"no indication ... site has been compromised" by Anonymous Coward · 2014-04-19 18:31 · Score: 0
  
  It doesn't make it not a scam either.
8. Re:"no indication ... site has been compromised" by ganjadude · 2014-04-20 00:53 · Score: 1
  
  you are giving them too much credit
  
  --
  have you seen my sig? there are many others like it but none that are the same
9. Re:"no indication ... site has been compromised" by tlambert · 2014-04-20 18:46 · Score: 1
  
  The site doesn't have any medical information at all. That's one of the advantages of outlawing the "pre-existing condition" scam - you no longer have to tell insurers your medical history to buy insurance.
  No, you still have to tell them; that provision of ACA doesn't occur until the end of this year, after you are already enrolled (by which time, it's too late). Until then, they have to let you enroll, they don't, however, have to charge you a reasonable monthly rate if you have a pre-existing condition. They said they had to let you buy it, not that it wouldn't be expensive. That one of the reasons the first 'A' in 'ACA' is a bit misleading.
10. Re:"no indication ... site has been compromised" by laird · 2014-04-21 16:58 · Score: 1
  
  The pre-existing condition exclusion was outlawed starting 1/1/2014. And that applies to all insurance plans sold through the exchanges, including all of the plans sold through the healthcare.gov web site, which is what we're discussing.
  The extension until 2015 was to allow insurance companies to keep keep existing customers on insurance plans that aren't up to the standards, but those are sold directly by the insurance companies, not through the exchanges, so aren't relevant to this discussion. And since it's only for existing customers, I'm not sure that they'd ask for medical history which presumably they already had from the original enrollment.
  Also, ACA covers the case you mentioned - "No more pre-existing conditions means you can't be denied coverage, charged more, or denied treatment based on health status" . So everyone pays the same, whether they have a pre-existing condition or not. Because jacking up rates until nobody can afford them is the same as excluding people - that's what they used to do, and it was immoral, and now it's illegal.
  So the first 'A' in ACA seems to be working out. Healthcare costs are up this year less than any year in decades, and insurance companies are already complaining that the rates next year will be 'too low', though I don't think they're going to get much sympathy.
  
  --
  Enable 3D printed prosthetics!
Wording... by Anonymous Coward · 2014-04-19 14:40 · Score: 1

The word you are looking for is "preventive".
oh, sorry by slashmydots · 2014-04-19 15:20 · Score: 4, Funny

Sorry, heartbleed is actually a pre-existing condition so it's not covered.
1. Re:oh, sorry by DexterIsADog · 2014-04-19 15:43 · Score: 0
  
  That would have been funny if the law hadn't eliminated that insurance company scam.
2. Re:oh, sorry by cold+fjord · 2014-04-19 15:49 · Score: 0
  
  That would have been insightful if the law hadn't eliminated insurance coverage for many Americans.
  
  --
  much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
3. Re:oh, sorry by artor3 · 2014-04-19 16:26 · Score: 0, Flamebait
  
  The latest CBO report shows that the law is on track to reduce the total number of uninsured people by 12 million this year. Page 8 of the PDF.
  And if you check page 14, you'll see that that estimate was based on just enrolling 6 million people in the exchanges this year. The actual number is 8 million.
  But keep lying. Maybe if you repeat it enough, it'll turn true!
4. Re:oh, sorry by sumdumass · 2014-04-19 17:23 · Score: 2
  
  I don't see the mention of 12 billion at all on that page or the ones next to it. All I see is that 6 billion are projected to be enrolled through the exchanges this year.
  I did however see where a lot of those enrolled were subsidized through already available health aid like medicaid and medicare (chips and such).
  It is interesting that the claim was made that roughly 15% of Americans didn't have insurance or around 45 million people and this was the reasoning why we needed federal involvement in insurance. Even if we allow your number of 12 million number unquestioned, I don't see it as any success. It is still less that half which by most grading scores would be an F for failing.
  It is even more interesting that you claim someone posting something contrary is lying and it might turn true if they post it enough. I mean I can understand exaggeration coming from disgruntled citizens who now have to purchase something from a third party simply for being a citizen else face a penalty without any due process or right to face their accusers in a court of law or jury trial in which the constitution seems to protect except in this case which also happens to be dished out by the one organization within the government the people already fear- the IRS who has been shown recently to be converted for political purposes and the sitting head at the time of the conversion now claims she doesn't have to say anything to law makers and oversight committees because what she says may incriminate herself if she answers any questions about that conversion. But exaggeration coming from someone who supposedly supports the law seems to indicate something fishy is going on.
5. Re:oh, sorry by Anonymous Coward · 2014-04-19 17:27 · Score: 0
  
  But keep lying. Maybe if you repeat it enough, it'll turn true!
  should probably look at yourself.
6. Re:oh, sorry by OhPlz · 2014-04-19 17:35 · Score: 2
  
  If by costing less you mean costing more, and by doing nothing you mean fucking over the Constitution.. you're exactly right.
7. Re:oh, sorry by slashmydots · 2014-04-19 18:12 · Score: 1
  
  Wroooooooong. It's illegal to not accept you as a health insurance customer due to a pre-existing condition. It's not illegal to make you sign a waiver saying they won't cover it, like for example seasonal allergies, like for example my policy.
8. Re:oh, sorry by Anonymous Coward · 2014-04-19 18:38 · Score: 0
  
  Yeah, actually it is, and seasonal allergies are mentioned by name as verboten for exclusion purposes. You should probably man up and ask for professional help if you want to avoid getting screwed in the ass so publicly in the future.
9. Re:oh, sorry by florin · 2014-04-19 19:49 · Score: 1
  
  Yeah, even the ridiculously activist Supreme "corporations are people and money is speech" Court didn't think they could get away with that one.
  Try another talking point. Benghazi maybe?
10. Re:oh, sorry by Rich0 · 2014-04-19 22:07 · Score: 1
  
  I suspect that a big part of the problem is that the fine for not having insurance is too low. That discourages healthy young people from signing up, since they can always sign up later with little penalty (pre-existing conditions must be covered).
  And before you go all authoritarianism on me, you can't have it both ways. Either you have to allow insurance companies to deny pre-existing conditions, or you have to force people to buy insurance. If you don't do either then people wait until they're sick to buy insurance, and then insurance companies go out of business. Socialist healthcare systems like in Europe do the second one by basically buying insurance for everybody through tax receipts (I didn't say that the insured had to directly pay the premium).
  So, either you get people complaining about having to pay for insurance they don't want/need, or you get people being ripped off by insurance companies who claim that they must have first contracted their diabetes 6 years ago when they were unemployed and uninsured for two months and it just went undetected all the remaining time so they refuse to pay for it. The thing is, the people who say they don't want/need insurance are more than happy to sign up for it once they get an expensive medical condition, so what they usually really want is to have the benefits of insurance without actually paying for it.
11. Re:oh, sorry by sumdumass · 2014-04-19 22:42 · Score: 1
  
  And before you go all authoritarianism on me, you can't have it both ways. Either you have to allow insurance companies to deny pre-existing conditions, or you have to force people to buy insurance. If you don't do either then people wait until they're sick to buy insurance, and then insurance companies go out of business. Socialist healthcare systems like in Europe do the second one by basically buying insurance for everybody through tax receipts (I didn't say that the insured had to directly pay the premium).
  Such shallow thinking. How about forcing a penalty after needing treatment without insurance or the ability to pay it? I mean should we force everyone to pay a speeding ticket once or twice a year because we know they might speed but not get caught? It goes completely against the grains of judicial logic in the US. You do not need to force insurance purchased or allow preexisting condition exclusions. You can simply penalize the people who do not have coverage when they need it and also do not have the ability to pay for their treatment. You can also mandate as part of that penalty that they maintain coverage for a certain period of time.
  
  The thing is, the people who say they don't want/need insurance are more than happy to sign up for it once they get an expensive medical condition, so what they usually really want is to have the benefits of insurance without actually paying for it.
  What people want is to not pay for something until they need it. They don't want to buy new tires for their car until their old ones need replaced, They do not want to buy another gallon of milk until the other is almost empty. Can you blame them for not wanting to be forced into buying something they do not need at the moment?
  The thing is, the insurance available to those people who do not want it, is more or less the same as not having insurance for all practical purposes. I had a Health Savings Account and a catastrophic plan. The catastrophic insurance cost me $5 a week or $20 a month and covered any major medical like a broken bone, cancer, heart attach and so on. Everything else was out of pocket which you will find that medical bills are dramatically cheaper when you are paying cash or cash equivalent at the time of service. That's where the HSA came in handy, the $95 Hemoglobin A1c with fasting glucose levels out the door cost me $22 total when paying cash at the local hospital. Outside of getting that checked for a physical, I don't spend much more than $1.5-2k a year in medical with many years being less that $1000. Now I have to purchase insurance that costs $110 a month and carries a $3000 deductible. So I'm out $90 a month plus out of pocket expenses. I have read that in some areas, it is even worse with $5-8k deductibles and higher monthly costs.
  But yes, we can have preexisting condition coverage and not mandatory insurance if we treated it just like we treat every other crime and not penalize someone until they actually do something wrong.
12. Re:oh, sorry by DexterIsADog · 2014-04-20 00:15 · Score: 1
  
  Oh lord, I attracted one of the premiere trolls on Slashdot. I take that as a sign that I'm not too far off the track.
  
  I don't have the time to read your response, but don't let that stop you from posting more nonsense.
13. Re:oh, sorry by DexterIsADog · 2014-04-20 00:17 · Score: 1
  
  Well you convinced me! You can't be wrong - you dipped into your emergency supply of o's to put *8* of them in one word.
  
  I'm thinking Claritin overdose. Am I right?
14. Re:oh, sorry by Rich0 · 2014-04-20 01:53 · Score: 2
  
  And before you go all authoritarianism on me, you can't have it both ways. Either you have to allow insurance companies to deny pre-existing conditions, or you have to force people to buy insurance. If you don't do either then people wait until they're sick to buy insurance, and then insurance companies go out of business. Socialist healthcare systems like in Europe do the second one by basically buying insurance for everybody through tax receipts (I didn't say that the insured had to directly pay the premium).
  Such shallow thinking. How about forcing a penalty after needing treatment without insurance or the ability to pay it?
  What happens if you have no insurance for 20 years, and never get sick. Then you sign up for insurance and pay your bills for 5 years. Then you get sick. What is the fine, and what happens if the person doesn't have the money to pay it at this point?
  Why wait 20 years to charge them for 20 years of premiums?
  The most sensible solution would be to just have the government buy insurance for anybody who does not do so, and then tax them for it. That is what happens if you don't mow your lawn - the local government will just mow it for you and send you a bill, and put a lein on your house if you don't pay it.
  However, for whatever reason the government choosing your insurance policy turned people off, so instead we have a tax that people without insurance have to pay. The problem is that the tax is way too low, so for those who are young and healthy it just makes sense to pay the tax.
  
  You do not need to force insurance purchased or allow preexisting condition exclusions. You can simply penalize the people who do not have coverage when they need it and also do not have the ability to pay for their treatment. You can also mandate as part of that penalty that they maintain coverage for a certain period of time.
  If the penalty is less than the total of all the unpaid premiums, then there is no incentive to buy insurance, and the insurer loses money on the patient (since the premiums are calculated as the amount of money needed to cover losses on average, plus a profit).
  What you propose is like a retirement plan where you tell people to save up for retirement, and then if they fail to do so and have no money you fine them, except they have no money so you can't fine them, and you still have to pay for their retirement. If you want people to invest in the future you have to give them incentive to do it when they can actually do it (whether investment is for retirement, or future health problems, or whatever).
  
  The thing is, the people who say they don't want/need insurance are more than happy to sign up for it once they get an expensive medical condition, so what they usually really want is to have the benefits of insurance without actually paying for it.
  What people want is to not pay for something until they need it. They don't want to buy new tires for their car until their old ones need replaced, They do not want to buy another gallon of milk until the other is almost empty. Can you blame them for not wanting to be forced into buying something they do not need at the moment?
  This is INSURANCE. The whole point of insurance is that you don't know when you'll need it, so you pay money now so that in the event you need it you know you'll have it. I "waste" money on fire insurance every month. My house will probably never burn down, and thus I'll probably never get anything back. However, if my house does burn down, then I get a new house for very little money.
  The only way to allow people to not buy health insurance is if we as a society refuse to provide care for them when they get sick unless they can pay the full bill themselves. If we were all sociopaths that system would work just fine, and people WOULD buy insurance because they would understand the consequences i
15. Re:oh, sorry by sumdumass · 2014-04-20 02:45 · Score: 1
  
  What happens if you have no insurance for 20 years, and never get sick. Then you sign up for insurance and pay your bills for 5 years. Then you get sick. What is the fine, and what happens if the person doesn't have the money to pay it at this point?
  Do you even understand this question? What happens if I purchase insurance for 2 months and get sick. It doesn't matter, I purchased the insurance just the same as if I purchased it 20 years ago.
  
  However, for whatever reason the government choosing your insurance policy turned people off, so instead we have a tax that people without insurance have to pay. The problem is that the tax is way too low, so for those who are young and healthy it just makes sense to pay the tax.
  The problem is the tax is a penalty with no due process administrated by the one organization in the government that can make your life a living hell if you attempt to object to it. Nowhere in the law is the penalty called a tax either. The Obama administration actually argued it wasn't a tax when people took the mandate to court and one justice on the supreme court declared it a tax so it would be constitutional. But all that ignores that the tax is a punitive tax- it is applicable only if you fail to do something. All other federal income taxes are based and you get deductions or exemptions for doing something. This entire premise that the government can call a penalty a tax and continue to administer it as a penalty is an affront to freedom and everything in the bill of rights not to mention the US constitution. Start with the 9th amendment and then look at the others like the right to due process, the right to a jury trial, the right to freedom of religion.
  
  This is INSURANCE. The whole point of insurance is that you don't know when you'll need it, so you pay money now so that in the event you need it you know you'll have it. I "waste" money on fire insurance every month. My house will probably never burn down, and thus I'll probably never get anything back. However, if my house does burn down, then I get a new house for very little money.
  And some people do not and will not need it. Why are they forced to pay for it when they do not want to? Why are normal law abiding citizens being told they are no longer free and must do as the government says and purchase something from a third party when they do nothing wrong? You can waste your money all day long, why must you insist I waste mine too? What happens when some gun nut tea party gets elected and declares that anyone who doesn't own a gun has to pay a $2000 a year penalty?
  
  The only way to allow people to not buy health insurance is if we as a society refuse to provide care for them when they get sick unless they can pay the full bill themselves. If we were all sociopaths that system would work just fine, and people WOULD buy insurance because they would understand the consequences if they didn't.
  lol.. so the last 200+ years of this country didn't happen and everything starts right now because you though of something you pretend is the only possible logic?
  
  They would call 911 with chest pains, the call center would be set up to do an automatic insurance/credit check, and the guy on the phone would tell them that if they'd like an ambulance they need to get somebody else to provide a credit card number if the credit check isn't good. That isn't the society most voters want to live in.
  And that happens every day in the previous 200+ years of our country's existence? Am I right or are you making things up in order to justify your worldview?
  
  And such issues don't cost that much money to treat or are incredibly rare, which is why regular insurance plans don't cost that little. What was your plan if you got diabetes or kidney failure? Is that when you sign up for the $110/month plan and stick everybody e
16. Re:oh, sorry by Anonymous Coward · 2014-04-20 03:01 · Score: 0
  
  You mean the ones whoes insurance cover was sooooo bad it wouldnt have covered it anyway right?
17. Re:oh, sorry by Anonymous Coward · 2014-04-20 03:18 · Score: 0
  
  Exactly, such as all the men without abortion coverage and that sort of thing that the new law makes available .... at a cost. Oh, and exclude the people that no longer have coverage due to the penalties such that their hours were cut back and they no longer have coverage.
18. Re:oh, sorry by Rich0 · 2014-04-20 04:14 · Score: 2
  
  What happens if you have no insurance for 20 years, and never get sick. Then you sign up for insurance and pay your bills for 5 years. Then you get sick. What is the fine, and what happens if the person doesn't have the money to pay it at this point?
  Do you even understand this question? What happens if I purchase insurance for 2 months and get sick. It doesn't matter, I purchased the insurance just the same as if I purchased it 20 years ago.
  The whole point of insurance is that in order for it to work, people need to pay MORE than they consume on average. If people wait until they're sick to sign up, it can't work.
  
  This is INSURANCE. The whole point of insurance is that you don't know when you'll need it, so you pay money now so that in the event you need it you know you'll have it. I "waste" money on fire insurance every month. My house will probably never burn down, and thus I'll probably never get anything back. However, if my house does burn down, then I get a new house for very little money.
  And some people do not and will not need it. Why are they forced to pay for it when they do not want to? Why are normal law abiding citizens being told they are no longer free and must do as the government says and purchase something from a third party when they do nothing wrong?
  So, your choices are force everybody to buy insurance even if they don't "need" it, or let people die when it turns out that they needed it after all.
  In most cases insurance is voluntary, but then you suffer the loss if you don't have it. That's how health care was supposed to work before the ACA. The problem with that is that insurance companies were scumbags and if there was any lapse in coverage they assumed that your sickness started during the lapse and denied coverage. On the other hand, if you get rid of that loophole then everybody else behaves like scumbags and avoids paying for insurance until they start to feel sick.
  
  What happens when some gun nut tea party gets elected and declares that anyone who doesn't own a gun has to pay a $2000 a year penalty?
  If people who didn't own guns cost the average citizen money, then I'd be fine with such a law. People without health insurance DO cost others money, unless we as a society choose to let them die.
  
  The only way to allow people to not buy health insurance is if we as a society refuse to provide care for them when they get sick unless they can pay the full bill themselves. If we were all sociopaths that system would work just fine, and people WOULD buy insurance because they would understand the consequences if they didn't.
  lol.. so the last 200+ years of this country didn't happen and everything starts right now because you though of something you pretend is the only possible logic?
  Yeah, I guess everything being peachy is the reason Obama won the election... The previous system worked reasonably well for anybody with a job with a large employer. The problem is that costs are spiraling out of control and the model just wasn't sustainable, and MANY people had no healthcare at all.
  
  They would call 911 with chest pains, the call center would be set up to do an automatic insurance/credit check, and the guy on the phone would tell them that if they'd like an ambulance they need to get somebody else to provide a credit card number if the credit check isn't good. That isn't the society most voters want to live in.
  And that happens every day in the previous 200+ years of our country's existence? Am I right or are you making things up in order to justify your worldview?
  200 years ago if you dialed 911 you wouldn't get an answer, because you didn't have a phone. We hardly have 200 years of experience with modern medicine. Go take a l
19. Re:oh, sorry by Smurf · 2014-04-20 04:26 · Score: 1
  
  The latest CBO report shows that the law is on track to reduce the total number of uninsured people by 12 million this year. Page 8 of the PDF.
  
  I don't see the mention of 12 billion at all on that page or the ones next to it.
  
  Of course you mean 12 million, not 12 billion.
  The reason you can't find the number is because you are (quite correctly) looking at the page labeled as number 8. Unfortunately the PDF was not formatted correctly and the numbering is not restarting after the four-page preamble. Because of that, @artor3's PDF reader is incorrectly telling him that the page he is looking at is number 8, while you will find it's labeled as number 4.
  So, go to page 4, Table 2, and look at the column for 2014. The Item (Change in Insurance Coverage Under the ACA) for Uninsured shows an increase of -12 (millions).
20. Re:oh, sorry by sumdumass · 2014-04-20 19:49 · Score: 1
  
  You might as well just give it up. All you arr doing id regurgitsting the same yhing differrnt ways. You think it is fine that i am compelled to lose my money and freedom for the financial security of some third party because you might use that third party and it might cost you slightly more if i didn't.
  I believe that is a crock of crap and that just like anything else in a free country, you arent penalized and lose your freedom until you actuslly do something wrong. I doubt i will ever agree your concept is good.
21. Re:oh, sorry by OhPlz · 2014-04-21 02:37 · Score: 1
  
  They have no credibility on that case. It's either a tax or a fine. The court allowed the feds to use either throughout the testimony. It's one or the other, not both. The court gave the administration a free pass.
  The courts aren't always right. Now it's up to the people.
22. Re:oh, sorry by laird · 2014-04-23 00:30 · Score: 1
  
  The founding fathers passed a mandatory healthcare plan (for sailors) with government-collected penalty for non-payment. So I doubt that they'd agree with your "logic".
  
  --
  Enable 3D printed prosthetics!
23. Re:oh, sorry by laird · 2014-04-26 18:59 · Score: 1
  
  The non-partisan CBO says that ACA is saving the budget $billions, and is saving more money than originally projected (http://www.cbo.gov/publication/44176). For example, the 80/20 rule (that caps insurance company overhead at 20%) has already saved consumers $4 billion by itself. And healthcare costs went up less this year than any year in decades.
  And many millions of Americans have healthcare that didn't before, which saves lives. And, interestingly, it also saves money, because people with regular healthcare cost a lot less than people who get really sick and then require extremely expensive ER visits (which we all end up paying for).
  So I'll stick with what the facts support - ACA is saving money, and saving people's lives.
  
  --
  Enable 3D printed prosthetics!
Re:Yea right... by Penguinisto · 2014-04-19 15:26 · Score: 3, Interesting

Leads to an honest question that cropped up... does the federal government have to abide by any sort of data-breach reporting laws (be they state or federal)?
(maybe they have their own, maybe they're exempt... I'm not a lawyer, but it'd be worth looking up...)

--
Quo usque tandem abutere, Nimbus, patientia nostra?
This does not seem to be news by SuperKendall · 2014-04-19 15:28 · Score: 4, Insightful

I have no love for Healthcare.gov, but honestly just about every site is sending out notices that people may want to change passwords. Heck, Yahoo *made* me change my password.
Like everyone else they don't know if anything was taken. And frankly, Heatbleed is probably the least of the security issues Healthcare.gov has... I'd be way more worried about backbend systems, and then it doesn't matter what your password is.

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley
1. Re:This does not seem to be news by Anonymous Coward · 2014-04-19 16:15 · Score: 0
  
  I'm old fashioned. I don't do any banking on the internet. I prefer to see them in person.
  The worst that could happen to me is someone might steal my e-mail account. I have several. I no longer have Yahoo. I dutifully changed my password after their security breach a coupe of months ago.
  Unfortunately, I was drunk when I changed my password and I'm sure it was a very clever password too. In fact, it was so clever that I haven't a clue what it is.
  Hmmmm...maybe I could go on to one of these cracker sites and find out what my password actually is. I don't really regret losing my Yahoo e-mail address, but there are a few people who only had that as a way to contact me...and I actually might want to talk to a few of those people. /And no, I didn't give Yahoo my phone number //The email address for confirmation was NetZero, which I haven't logged into in almost 10 years ///can't log into my NetZero e-mail either, but whether that's because I can't remember the password or because they deleted it due to 10 years of inactivity is unclear to me.
2. Re:This does not seem to be news by Anonymous Coward · 2014-04-19 16:38 · Score: 0
  
  Sounds like you're a victim of your own hard-headed policy.
3. Re:This does not seem to be news by mwvdlee · 2014-04-19 17:58 · Score: 1
  
  This.
  Every single site that was vulnerable to heardbleed should be resetting all passwords.
  There are a LOT sites that were vulnerable, but very few have done large scale password resets.
  The only bad thing Healthcare.gov is doing, is letting people choose to change passwords; they should do like Yahoo did.
  
  --
  Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
4. Re:This does not seem to be news by dkf · 2014-04-19 19:19 · Score: 2
  
  Like everyone else they don't know if anything was taken. And frankly, Heatbleed is probably the least of the security issues Healthcare.gov has... I'd be way more worried about backbend systems, and then it doesn't matter what your password is.
  As I understand it, the majority of the implementation of healthcare.gov is Java. Java's SSL implementation doesn't have the heartbleed bug at all (and implementing this bug would actually take a lot more work than doing it right). If there's a problem, it's most likely in a front-end load balancer; I don't know if you'd see a lot of user credentials in that case, as the damage wouldn't be in systems that handle client authentication.
  The database(s) might be affected too, but you probably can't reach them from a normal system; the heavily firewalled approach is a favorite of Big Software Contractors and is actually right in this case. I suppose if they were affected, processing the update to them (carefully as you don't want to lose data!) would count as preventative treatment while still properly supporting the assertion that no real damage was done.
  
  --
  "Little does he know, but there is no 'I' in 'Idiot'!"
Absurd position by the government by JohnM4 · 2014-04-19 15:30 · Score: 1, Interesting

This is completely absurd. They have to know right away whether or not their website logins were vulnerable (that is, were they running OpenSSL with the bug) or whether they were running other versions of SSL without heartbleed. It's a black and white situation. There's no gray middle ground.
1. Re:Absurd position by the government by Anonymous Coward · 2014-04-19 16:33 · Score: 1
  
  Vulnerable is not the same as compromised (even though best practices dictate it should be treated as such when rebuilding systems). You can be vulnerable to a security issue without that issue having been exploited -- or, in most cases, vulnerable without having any evidence that issue was exploited.
2. Re:Absurd position by the government by Anonymous Coward · 2014-04-19 17:23 · Score: 0
  
  That assumes of course, that none of the millions of people with accounts on healthcare.gov used the same login/pass there as they did on any website using OpenSSL, a very poor assumption indeed.
Re:In Union of the Soviet Socialist States of Amer by Anonymous Coward · 2014-04-19 15:33 · Score: 0

Healthcare.gov: a case of heartbleed given to you courtesy of the bleeding hearts.
Captcha: artery
Re:Yea right... by Anonymous Coward · 2014-04-19 15:34 · Score: 4, Informative

FISMA/SCAP regulations are the main ones. Data stored there is likely SBU (sensitive but unclassified.)
It is a pretty thorough set of regulations. This is why not many cloud providers (if any!) are FISMA compliant, as it requires random audits by the government.
I'd love to see a standard in the private industry that had planned and random audits of security, with actual consequences (PCI-DSS3 comes close), but most security in the private sector seems to be "does the vendor say it is secure? OK, it is."
And... by maz2331 · 2014-04-19 15:57 · Score: 1

Nobody can type "yum update openssl"?
1. Re:And... by Anonymous Coward · 2014-04-19 16:27 · Score: 1
  
  Does `yum update openssl` generate new keys, generate new CSRs, submit CSRs with payment information to the CA, update sites with the new certificates once the CA has signed them, and then notify all users that they should change their passwords? Didn't think so.
2. Re:And... by Anonymous Coward · 2014-04-19 18:18 · Score: 0
  
  No, you open source freaks are still carefully (re)examining the patch. REMEMBER? Problem is bad source code produces bad binaries.
  What part of writemyownmallocOuch_it_hurts_when_i_pee don't you get?
  Just go back to telnet. Once you realize your data is opensource you'll stop spraying it all over the internet.
  We simply have to rediscover our roots and use the internet for what it was designed for.
  ascii porn.
Grandparent had it right. by Ungrounded+Lightning · 2014-04-19 15:58 · Score: 2

The word you are looking for is "preventive".
No, it's not. The usage you're complaining about is perfectly valid.
"Preventative" has been in use since 1666 as an alternate pronunciation and spelling for "preventive".
In some regions (including where I grew up - almost in the center of the region natively speaking the "radio accent", which has been the de facto standard speech for the U.S. since the advent of commercial broadcasting) it is the preferred form.
If you want to be a spelling NAZI, you should avoid being provincial about it. Check the online dictionaries before correcting others, to distinguish between being helpful and imposing your local speech on others.
Unlike French ("a dead language spoken by millions"), American English does not have a regulatory body prescribing an official standard (though some educators have tried, since at least Daniel Webster). It grows and changes by usage. Dictionaries play a game of catch up and try to document how it's realy used.
(Yes, I know how it grates on your nerves when someone uses a different spelling or pronunciation than you're used to. I feel the same way when my wife pronounces "legacy" as if she was talking about a ledge. But apparently that's actually the first pronunciation listed in The Oxford.)

--
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
1. Re:Grandparent had it right. by Anonymous Coward · 2014-04-19 17:08 · Score: 0
  
  realy
  Got you! Now everything else is invalidated.
Re:Yea right... by Oysterville · 2014-04-19 17:06 · Score: 2

They traditionally haven't paid much attention to the law, so I'm not certain that they would do much different here.
This new Republican scam... by Anonymous Coward · 2014-04-19 18:36 · Score: 0

is ridiculous. They created this "bug' then took advantage of it for years. One Democrat estimated that the Republicans made more than two billion dollars off of this bug. Why is the DC police not rounding-up Republicans? They created this problem then took advantage of it. They even admitted to the recent breach at Michael's. Of course, Obama doesn't have the power to pursue the Republicans that broke the law. They still control the judicial branch and the executive branch so none of them have been arrested for what they did yet. Fuck them and their scams.
1. Re:This new Republican scam... by ganjadude · 2014-04-20 01:11 · Score: 1
  
  ummmm WHAT?
  
  --
  have you seen my sig? there are many others like it but none that are the same
2. Re:This new Republican scam... by Anonymous Coward · 2014-04-20 02:24 · Score: 0
  
  Same stupid off topic troll post in every thread. What a moron.
3. Re:This new Republican scam... by Anonymous Coward · 2014-04-20 09:25 · Score: 0
  
  Typical Obama voter... probably has a free "Obama phone" too...
  "They (Republicans) created this "bug' then took advantage of it for years."
  No. Everybody with a brain knows it was a simple, dumb coding error by one guy, in Germany IIRC ... they guy probably ran out of Mtn Dew at 3AM
  "One Democrat estimated that the Republicans made more than two billion dollars off of this bug."
  You can find one anonymous Democrat who'll say ANYTHING. Hell, you can find one NAMED Democrat to say almost anything - consider Democrat Congressman Henry C. "Hank" Johnson Jr. for example.
  "Why is the DC police not rounding-up Republicans? They created this problem then took advantage of it."
  The DC police are not rounding up Republicans because they'd have to have some teensy tiny shred of evidence that some law had been broken, rather than just your clueless random accusations that lack ANY evidence.
  "They even admitted to the recent breach at Michael's."
  No "they" did not, and again you cite NO evidence because there's as much for your accusations as there is for the idea that president Obama ever did anyting productive before getting elected, which is to say: none. zip. zero. diddly-squat. nada ....
  "Of course, Obama doesn't have the power to pursue the Republicans that broke the law. They still control the judicial branch and the executive branch so none of them have been arrested for what they did yet."
  Ummmm.... ever attend a school? President Obama is RUNNING the executive branch of the government. HIS GUY (Eric Holder) is in charge of all law enforcement at the national level; he's the guy in charge of prosecuting terrorists, he's the guy in charge of the FBI, every single federal prosecutor, every single employee in the ENTIRE JUSTICE DEPARTMENT. In fact, Holder is the reason nobody is in jail for the criminal acts that Obama's IRS comitted against TEA Partiers (the IRS releasing private tax records to somebody's political opponents is a FEDERAL CRIME) because, as top-dog in the justice department, Holder can simply drag his feet and effectively refuse to investigate and prosecute the President's people. Your drivel about Republicans controlling the Judicial branch is just as ignorant - The majority of the judges in the federal system are Clinton (Democrat) and Obama (Democrat) appointees. Sure, Bush43 was in office for 8 years appointing judges, but the 8 years before that were Clinton appointees and the 5 years post-bush are Obama years; many judges appointed by previous presidents are dead or retired by now. The Supreme court is en exception because people tend to stay there until they rot and die... but THAT court decides very few cases (mostly it lets the rulings of the lower courts stand)
Good thing the ACA passed by Arancaytar · 2014-04-19 19:26 · Score: 1

Because with Heartbleed being introduced early 2012, long before that website launched, it would have been one hell of a pre-existing condition. :P
You're not too good at reading comprehension by Anonymous Coward · 2014-04-19 19:38 · Score: 1, Informative

nor at understanding the CBO, are you?
First, let me explain something about the CBO: The CBO is an accounting organization (NOT a true policy analysis organization) that serves the congress by running whatever numbers the congress asks it to run. In other words, if a member of congress asks for a report that says "Assuming I have a warp drive that can propel any mass through space for free at up to 10 times lightspeed, and assuming Jupiter has a solid surface at a height above the planet's core where 1G would be felt, how much will it cost to colonize Jupiter?" The CBO would dutifully calculate costs and project timetables for the endeavor WITHOUT ANY REGARD for whether the specifics I have provided as a "given" are, in fact correct. Citing the resulting CBO report would then look GREAT on a website but would be sheer insanity. The CBO does not question the presuppositions the congress members give it, as a matter of policy, in order to avoid becoming a partisan entity within a political fight - i.e. they'll generate good results based on good assumptions, or a mathematically-solid pile of crap based upon piles of pre-supposed crap, on a bi-partisan and equal-opportunity basis. CBO analysis is almost always wrong (because politicians always feed it rosy scenarios for policies they like and dismal scenarios for policies they hate). For those engineers reading this: CBO numbers should be take as "figures of merit" which may be used to compare competing policy ideas WHEN THOSE IDEAS COME WITH MATCHING BI-PARTISAN GROUNDRULES.
Second, even though the specific report you linked to was generated with Democrat pre-suppositions, it STILL shows the ACA to be a lie... Obama said the thing would not increase the deficit, but the report you cited says it will cost an extra $1.3 to $1.8 TRILLON over the next ten years with fine-print noting: "These numbers exclude effects on the deficit of provisions of the Affordable Care Act that are not related to insurance coverage." In other words, huge costs involved in oversight and regulation of (1) Insurers (2) hospitals (3) drug companies (4) individual taxpayers and also expenses for things like the website, and the annual marketing to remind people of enrollment periods, plus all the statistical data the plan requires the government to gather and analyze on everybody.... and on, and on, and on is NOT accounted for
Third, even with it's pro-Democrat bias, the report admits that in the year 2024 (ten years from now) there will still be 31 MILLION uninsured Americans even after we've spent the (ballpark) $1.5 TRILLON (plus not-analyzed-but-acknowleged-other-costs) AND after we've kicked MILLIONS of people off the policies that Obama swore they'd be able to keep and cut-off their access to the doctors he swore they'd be able to keep. "Obamacare" was built on lies, sold on lies, will be kept on life support using lies, and will be devestating to younger Americans who will pay far higher taxes over their lives, get worse healthcare, and have many fewer opportunities. Good policies do not need to be marketed with years of lies .... but then this HAS been a long-term goal of Progressives, for whom "the ends justify the means"
Fourth, the report admits that the Republican who yelled "You Lie!" at Obama during his State of the Union speech was, in fact, the one who was telling the truth: Under the ACA, illegal immigrants are not required to spend any money or buy anything BUT they get access to our hospitals - so THEY get coverage without ANY of the requirements the law burdens middle-class Americans with.
Sorry, but I've been reading CBO reports for decades, and I know both how to fully read them and also where to go to see and read the context.... kindly take your dishonest lazy talking points back to Kos and HuffPo where the gullible dupes lurk.
1. Re:You're not too good at reading comprehension by ganjadude · 2014-04-20 01:09 · Score: 1
  
  someone mod this post up. There is too much rationality being told
  
  --
  have you seen my sig? there are many others like it but none that are the same
Re:Yea right... by Anonymous Coward · 2014-04-19 23:02 · Score: 0

AWS has a level of FISMA compliance - https://aws.amazon.com/compliance/
Re:Yea right... by flyneye · 2014-04-19 23:14 · Score: 1

Meanwhile Kathleen Sebelius sneaks back to Kansas and hides in the basement of an outhouse.....

--
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
Re:Yea right... by flyneye · 2014-04-19 23:23 · Score: 1

Yeah, they do, or the Meta-cops will bust them for not doing the right thing.
There are meta-cops, right?
The Fed is answerable, right?
Someone is big enough to do something about it, if they dont , right?
If there is a law they have to obey it or face consequences, right?
We have a long list of examples of this , right?
Bush? Clinton? Reagan? Carter? Ford? NIXON... see, someone got caught, feel better? Johnson didnt get caught because he was funny and Kennedy didnt get caught because he was a soap opera. Only homely Quakers with shifty eyes get caught, WORD!

--
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
It's a tax. Not a fine by tomhath · 2014-04-20 02:20 · Score: 0

If it was a fine the Supreme Court would have struck down the law. But they recognized Congress' authority to impose taxes, so the law stands.
1. Re:It's a tax. Not a fine by Anonymous Coward · 2014-04-20 02:33 · Score: 0
  
  A tax on living.
  Guess that makes large numbers of the homeless etc into tax evaders too now.
2. Re:It's a tax. Not a fine by Rich0 · 2014-04-20 02:45 · Score: 1
  
  If it was a fine the Supreme Court would have struck down the law. But they recognized Congress' authority to impose taxes, so the law stands.
  Semantics. But, whatever. s/fine/tax and my argument stands. You can't force insurance companies to treat pre-existing conditions unless you make people pay for insurance when they're healthy (or have somebody else pay for it for them).
  If you want to understand how insurance works, first look at what the insurance pays for. Then figure out the total annual US cost of paying for that thing. Then divide that by the total population of the country, and add a few percent. That is the cost per-person of insurance if everybody buys it (whether they think they need it or not).
  On the other hand, if you only want people who need it to pay for it, then instead of dividing it by the total population, divide it by the number of people who think they need insurance, and since you're dividing by a smaller number you get a bigger insurance premium.
  In the case of health insurance, if only people who get sick want to pay for insurance then the cost will be something like 20x higher, and then the sick people won't want insurance since it costs more than their care.
  Insurance is normally just voluntary socialism. The problem with healthcare is that we don't like making people die without treatment when they get really sick, so we don't want to make it voluntary. Insurance only works as a voluntary program if you actually let people who don't buy in suffer the full consequences of their decision. As soon as you create a "safety net" you've basically created an insurance program where all the taxpayers are paying for insurance for everybody, and that only works if you tax them enough to pay for it. However, Obamacare expects private insurance companies to actually pay the bills (aside from subsidies applied to premiums). So, you can't have a "safety net" in that case.
3. Re:It's a tax. Not a fine by Rich0 · 2014-04-20 02:47 · Score: 1
  
  A tax on living.
  Guess that makes large numbers of the homeless etc into tax evaders too now.
  What do you think socialized healthcare is? Socialism only works if you don't let people opt-out.
  Granted, the homeless folks aren't really the problem, since for the most part they're the recipients in any socialized benefit. The issue is the person who makes plenty of money and doesn't feel they need to pay taxes (which mostly benefit others).
4. Re:It's a tax. Not a fine by Anonymous Coward · 2014-04-20 04:23 · Score: 0
  
  The vast majority of medical spending is on chronic illness for the elderly. You should have your argument focus on this type of common outcome rather than "suddenly gets sick/hurt".
5. Re:It's a tax. Not a fine by Anonymous Coward · 2014-04-20 05:46 · Score: 0
  
  Required purchase of health insurance is NOT Socialism!
  Many will still not be able to afford it or obtain sufficient assistance to do so.
  Prices will continue to go up.
  This kind of stuff just sets off a bidding war to get regulations past which benefit the assorted providers of insurance, pharmaceuticals, medical centers, doctors,,,,etc..
  If you really socialized it, that would turn the medical insurance providers efforts elsewhere or they would become buggy whip companies. Of course it would also mean that all the required fields for the provision of medical services would have to be owned by the State with the related historic problems there of. As bad as that may sound, it is perhaps a better option then forced insurance purchase. Especially to the lower end of the 99%. Just because there is "assistance" there, doesn't mean one can get or maintain it, nor that it will be sufficient.
6. Re:It's a tax. Not a fine by Rich0 · 2014-04-20 11:43 · Score: 1
  
  Required purchase of health insurance is NOT Socialism!
  Many will still not be able to afford it or obtain sufficient assistance to do so.
  True, on its own it isn't. ACA does include subsidies for the poor which is a form of socialism, though limited in scope.
  
  Prices will continue to go up.
  Well, they don't have to under a system like this if it is done right (aside from inflation, or rising levels of service). I don't think the ACA was really done right - it was a compromise all-around. The US health system is a nest of problems, and ACA really only hits a few of them. There is no one thing that you can do to fix it.
7. Re:It's a tax. Not a fine by Rich0 · 2014-04-20 11:45 · Score: 1
  
  The vast majority of medical spending is on chronic illness for the elderly. You should have your argument focus on this type of common outcome rather than "suddenly gets sick/hurt".
  Sure, but it doesn't really change anything. In fact, most people become elderly so it only stands to reason that most people are going to need insurnace, and the money they pay in when they're young makes up for the money they take out when they're old.
Re:Yea right... by Anonymous Coward · 2014-04-20 03:47 · Score: 0

Yup. As does Terremark. http://www.terremark.com/services/it-infrastructure/cloud-services/enterprise-cloud-federal-edition/
Re:Yea right... by dremspider · 2014-04-21 02:44 · Score: 1

All part of the Fed Ramp program. http://cloud.cio.gov/fedramp
Probably one of the smarter things the government has done.