Hackers Break Into HealthCare.gov
mpicpp is one of many to point out that hackers broke into the HealthCare.gov website in July and uploaded malicious software. "Hackers silently infected a Healthcare.gov computer server this summer. But the malware didn't manage to steal anyone's data, federal officials say. On Thursday, the Health and Human Services Department, which manages the Obamacare website, explained what happened. And officials stressed that personal information was never at risk. 'Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted,' HHS spokesman Kevin Griffis said. But it was a close call, showing just how vulnerable computer systems can be. It all happened because of a series of mistakes. A computer server that routinely tests portions of the website wasn't properly set up. It was never supposed to be connected to the Internet — but someone had accidentally connected it anyway. That left it open to attack, and on July 8, malware slipped past the Obamacare security system, officials said."
The country's in the very best of hands.
"the malware didn't manage to steal anyone's data, federal officials say."
Mostly because at the time, no one had yet been able to successfully complete the sign up process.
4chan is approaching AARP eligibility.
How, in this day and age, does this kind of stupid shit keep happening? How are network admins not creating L2 & L3 separations in the network, with internal firewalls and IDS? How are operations engineers not building local firewalls on machines, and locking down through security policies?
This isn't 1994 any more, people. Hand crafted individual artisanal servers, personally wrapped in cotton wool and hand reared by the friendly neckbeard, are not how things should be done at scale in this day and age.
FTFA: "Our review indicates that the server did not contain consumer personal information..."
So we're consumers to government services now?
It was bad enough when the corporations changed from using customers to consumers, but no way in hell should the government use that term in reference to its citizens.
--- Keep the choice with the user..
exactly one :-D
Nowhere in the comments above you does anyone blame Obama for this. Your pre-emptive overreaction betrays you.
> It was never supposed to be connected to the Internet — but someone had accidentally connected it anyway.
This is where "we don't need security because the machines will never be connected to the internet" falls apart.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
TFA is on CNN, not on Fox.
Nowhere in the article there's any blame addressed to Obama.
I think maybe you're seeing things brother..
healthcare.gov was better protected than Sony? Home Depot? Target?
Not too bad.
The Kruger Dunning explains most post on
LOL does anyone believe this? Do you remember security people warning just exactly how easy it was to infiltrate and get the data? It was even done as proof of concept.
Believe me someone has gotten in and stolen something.
"If any question why we died, Tell them because our fathers lied."
Most naive headline evar.
The news isn't that someone broke in. They've been in since before it went live. The news is that someone noticed.
Maw! Fire up the karma burner!
We don't know either. It's media speak for some arbitrary subset of data about someone that some administration mouthpiece has fed the stenographe^Hreporters after consulting with some government lawyer somewhere.
Sorry. Can't help you.
Maw! Fire up the karma burner!
Has /. been hacked by right wing crazies? I thought nerds were too smart to believe Fox News. And yet it's always Obama's fault. Yeah, I am sure he personally patched in the server by mistake. #EverythingThatGoesWrongCanBeBlamedOnObama
These days, all you have to do is post something they can echo chamber about, and they will descend like locusts.
Try posting a story about 9 year old girls don't have the right to kill gun range officers with an automatic pistol and see what happens.
They'll have their caps lock and loaded - ready to rumble.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
I find that when tackling a problem, it's often much more effective to tackle the correct side of it. For example: when a vessel is leaking, putting a plug in the side with LOWER pressure is far less effective than, if it can be done, putting the plug in the side with HIGHER pressure. Prosecuting people who manufacture, transport, distribute, and SELL drugs is infinitely less effective than prosecuting the people who USE them (and yes, I'm getting to my point here, in a second,) and the fact that in the US they do BOTH is the cause of so much utterly needless, useless, pointless suffering, and causes WAY more problems than it WOULD solve, if it did in fact even solve ANYTHING AT ALL, which it doesn't.
Which brings me to my point. The reason most of this hacking takes place is that the information stolen is VALUABLE. Make it worthless, and the thefts would STOP.
If I may add to this, DUH!
So rather than try to come up with ever more and more sophisticated ways of protecting data, (which I'm not against, but again, it's important to attack the CORRECT side of the problem,) is make it worthless and pointless to steal. How? You are the nerds, YOU figure it out!
Seriously though, what good is stolen data? Well, you could sign up for credit or take out loans, for example, with stolen identifying information.
THIS could probably be fixed very simply, by increasing the standards of verification you need to present to GET a loan, by for example, requiring anyone extending you any kind of credit to VERIFY you are whom you say you are, physically, in person. It is possible as I understand it to open bank accounts, etc., over the phone or via the internet, and THAT sort of nonsense has to STOP. How to enforce this? Very simple. Tell anyone empowered or authorized to act as a lender, a bank, credit union, credit card issuer, etc. etc. etc. that they are OBLIGATED to be able to prove that whenever they extend someone credit, and if they can't, then the person in question is NOT obligated to pay, and they are prohibited from reporting any kind of negative information to any credit reporting agency of any kind, or pursuing any kind of remedy whatsoever against the individual(s) concerned.
Similarly, retailers (etc.) should be obliged to check your card when paying via a credit card, against your photographic ID, and your FACE, and write down the number of your ID card ON THEIR COPY OF THE RECEIPT to prove they checked, or the buyer should be able to decline to pay (the credit card company reverses the charge,) without penalty of any kind because they should be regarded as having a duty to ensure the card being paid with isn't stolen, etc.
These efforts would almost certainly reduce severely, or eliminate the majority of these data breaches, theft of data, etc. Just make it worthless, and people will stop stealing it, and that's the key.
As a final thought, and case-in-point, if they treated people viewing stolen explicit photos (#recentcelebrityselfiehacks) as the criminals and not the hackers, first, they could actually CATCH people, and in so doing reduce or eliminate demand. Want to know why they want pictures of these famous, and often beautiful people but NOT their trash, for example? Because the photos are WORTH something, while the trash is generally worthless.
Get it? We need to stop and THINK before we attack a problem, and consider, are we attacking the correct part of the problem, or just spinning our wheels, wasting our time, and very very frequently, making things MUCH WORSE!
You certainly sound like you eat drink and poop Fox News.
Sounds like you watch Fox News therefore I don't have to consider anything you say. QED. Plus, I'll rant like a loon for a while and strengthen my argument!
Give the job of fixing this to the newly minted Federal Government CTO announced on SlashDot just today! http://en.wikipedia.org/wiki/M...
Oh wait, problem, that's not her job, that falls under the Secretary of Health and Human Services control... Washington DC is broken, very broken...
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
No I do not. But all the "statements" made by the commenter could have been lifted from Fox News. Anyone who thinks that starting multiple wars is a loon, in my book. Democrat. Always was one and always will be one. Knocked on doors for then Senator Obama in Iowa in 2007-08. Fought crazy Ron Paul supporters who lied about streets that had been canvassed. I did not listen to them and got supporters to pledge for Senator Obama. Ran for delegate to the 2012 DNC and won - went to Charlotte, NC and worked on both campaigns - 2008 and 2012. Are we clear?
"Let us raise a standard to which the wise and honest can repair" - George Washington
"Yes - it's a big failure" - Yes, that much we can certainly agree on. Here is a little news flashback for you (I intentionally did not choose a story from Fox News or similar Right-leaning news source) : http://www.huffingtonpost.com/...
Not surprisingly, the administration has quietly stopped releasing signup numbers, despite a promise to do so in the article above: http://hotair.com/archives/201...
The Obama administration continues to play fast and loose with the term "enrollment" and still refuses to tell the public how many people have actually paid for an insurance plan via the Obamacare website.
I'm not suggesting that people should "die" when they get sick. Far from it. I believe that Americans should get the best medical care available.
What I am suggesting is that the implementation of the Affordable Care Act has been a colossal bungle, the likes of which the free world has never seen.
hotair.com/ Hot Air is the leading "conservative blog" for breaking news and commentary covering the Obama administration - boom. Hot air it is. Nice of you to post this, but surprisingly, I remain unconvinced.
"Let us raise a standard to which the wise and honest can repair" - George Washington
Ran for delegate to the 2012 DNC and won - went to Charlotte, NC and worked on both campaigns - 2008 and 2012. Are we clear?
Well, we're clear that you have poor judgment.
As far as the Huff post, you knows how to pick em, doncha? You do realize that the website is NOT like it was in October 2013, right? But maybe not. Hey, I hope you never get sick and have to pay every penny you have and then some to get well. I would suggest you check out dailykos.com for better information about how the ACA has actually saved lives. Peace.
"Let us raise a standard to which the wise and honest can repair" - George Washington
I deliberately chose to post from a left wing site (Huffington) and a right wing site (as you noted, Hot Air). Both articles reach the same conclusion. A fact that you seemingly have failed to grasp. Are you disputing the collective conclusions or are you just pissed off that things didn't work out the way you wanted them to?
In most cases you'd expect hackers to hack in and break the site, in this case they probably felt obligated to fix it knowing that that would annoy far more people than taking it off-line :)
-- If at first you don't succeed, lie!
Any conclusion based on malware found is ridiculous. You are basing a conclusion on false pretense and incomplete information.
A real investigator concludes loss of data or other impact based on actual evidence to show those effects. The presence or non-presence of malware is not evidence of such activity. It's only evidence of that malware.
Also, malware does not "slip" around. That is a patently false statement, proving the ongoing poor comprehension of what computer security is all about, and an attempt to avoid blame, responsibility, or accountability.
Sigh.
Look. Do governments always get things right the first time, or does landmark legislation, like the Civil Rights Act of 1964, and now the ACA, get tweaked over time and move towards single payer unlike the Romneycare the ACA was based upon? It is clear to me that you think a website is all that the ACA is. We can go on, but hey, have a good healthy life. Gotta get up manana and plug in some unprotected servers. Maybe President Obama can give me some tips? B-).
"Let us raise a standard to which the wise and honest can repair" - George Washington
Why do people who do not like the idea of the government collecting and storing personal data (under threat of law in most cases) that until recently was private and confidential on servers accessible by the internet have to be trolls for the Koch brothers?
And why would that be bad?
Here is the problem that maybe you simply do not get. Storing all your information on the internet is not a good thing. We have fought tooth and nail forever trying to get people to understand that and now the government decides it is best practice. So yes, completely make fools of fools might very well be warranted here. Maybe then it would cause people like you to wake up.
"consumer personal information"
Contrary to popular belief, Obamacare doesn't actually provide healthcare, they are an intermediate between a person and an insurance company that provides a level of coverage for health care.
The fact that many are forced by law to use the PPACA website shouldn't detract from the fact that people are actually consuming the insurance product (although at the end of a gun). So people who purchased insurance or consumed products from the website is what they are talking about.
I only wonder what we call lies about the lie? Is that like... somehow a lie multiplier?
No hard feelings. We just have a different point of view. I hope that the ACA works out in the end. I really do. All governments must seem to have a poor track record when it comes to this sort of thing. Time will tell. Cheers.
Because of course, every sick person died before the Democrat party came along, right?
I'm sorry, but you Democrat partisans can go hang out in the same hell as the Republican partisans - just leave us freedom loving folk *alone*. Stop trying to tell us who we can and can't marry, how many rounds of ammo we can have in one clip, what dirty words aren't allowed on TV, or how much insurance we have to buy.
Frankly, the best option we have is to never give a party more than one term in office - keep swapping them out, every 4 years (or 6 or 2 for congress critters), and maybe, just maybe, they won't be around long enough to *really* fuck us.
Those damned republicans probably denied the funding they needed to also make it secure.
No doubt it was a Windows machine, and the poor bastard who hooked it up to the internet probably used Internet Exploder 7.
All those moments will be lost in time, like tears in rain... time... to... die...
Meta-lie?
If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
"Misstatement of the Year" is not as headline grabby.
Table-ized A.I.
The signups have been tracked by one guy - current total is some 9m. Check out http://acasignups.net/
After the startup glitches (your HuffPo link was from last year, and is well out of date) the site seems to be functioning OK.
I don't even know who the Koch Brothers are. I don't watch any form of TV, so I don't care about Fox news either. What I do care about is a government that solves problems with more problems. I know that the medical industry has issues, but it all comes down to cost being so high. So what did the government do? They mandated things that made it more expensive. I know their aim was to have those with higher levels of income to pony up more money for medical insurance, and give tax breaks to those that need help, but it simply hasn't turned out that way. Dems doctors wants they mufukin moneys, yo.
There's no need to take everything that people say as being left or right. Doing so makes you more of a robot than a person capable of reviewing facts. They have ears, but they do not hear.
Politics; n. : A religion whereby man is god.
No, he was either lying, or he intentionally did not listen to his advisers who were trying to tell him that people would not be able to keep their insurance or their doctors. Well, it is also possible that he assumed that people had voluntarily chosen doctors and insurance they did not like, so would be perfectly happy to give it up for insurance which covered less and cost more and doctors who delivered poorer service (largely because new regulations would require the doctors to spend more time filling out forms for bureaucrats than actually treating their patients).
The truth is that all men having power ought to be mistrusted. James Madison
I am not posting this AC cause I don't care, you need to know... I just left the healthcare IT industry after 4 years... because security was a sham. It was up to me, the admin, to go on my own and secure everything. I had to do this after hours, on my own time, cause during the core business hours I had to do releases, stand up more servers, babysit the devs, fix customer SSO issues, etc. Developers run the web sites... don't believe me... well, try to get Ruby devs to change the code Ruby auto-generates from "Select * from users" to only select the user. Try to make the DB not return a query formed like that. Try to break the tables apart so when the code is trying to verify a user who is logging in, the same row doesn't contain EVERYTHING about them. The devs shit bricks and bitch they can't meet schedule... cause THAT'S HOW RUBY WANTS IT (or Java to some extent). And these are the devs on US soil. The ones in India don't really care, they get paid by the hour, a low amount, so why not argue over shit like this for weeks and miss schedule and drive up the cost (their income)? I have worked for two large healthcare websites, that currently hold around 100+ million US users' PHI data, and the systems are not as secure as they should be. If they were targeted, they would fold. I know because for some long periods of time I was the ONLY admin at these sites. When I try to lock some things down, Ruby or Java broke. The customer wants a new feature, by next week, then we did it. Customers like CVS pharmacy, Cigna, Humana. Not to mention the majority of US companies are going towards a tele-health option for their employees. So when YOU get that letter in the mail saying you now have a tele-health option, guess what, we already have ALL your personal data, from your employer... whether you choose to sign up or not.
I'm not saying telehealth is a bad idea, just that in today's society, profit drives everything, security is way down the list of priorities... and as these breaches continue to happen, remember it is not THE ADMIN'S fault... we can only do so much. Yes, this is Obama's fault, he is like the CEO. Every CEO I have worked for has been more concerned with profit, schedule, capabilities than securing YOUR data.
#include bier;
No I do not. But all the "statements" made by the commenter could have been lifted from Fox News. ....
So you don't watch Fox News but know that all the comments could have been lifted from them? I guess you must have seen snippets posted on sites you read and assume that the editorial part of Fox News is the news part - the same editorial parts that CNN and MSNBC have but leaning the other way.
Democrat. Always was one and always will be one.
Ah - well I'm glad you admit to have an open mind. Sounds like the Democrats don't really have to do anything to win your vote - which is probably why they don't really care what they do on the privacy or war fronts.
Umm...it was a joke dude. Obviously more than one person has been able to sign up. Thanks for playing though.
After the startup glitches (your HuffPo link was from last year, and is well out of date) the site seems to be functioning OK.
Except for this security breach, right?
I would suggest you check out dailykos.com for better information about how the ACA has actually saved lives.
Do you realize that healthcare actually was working for the vast majority of people? ACA has not really been around long enough to determine if it saved lives. And will you count people that die because their previous insurance was lost because of ACA the fault of ACA or the fault of the private insurance?
I have a feeling that in your mind, anything good regarding ACA is to the credit of government and anything bad is the fault of the businesses or republicans. That's a nice, sheltered world to live in. (I base this on your comments that you don't even listen to alternative views and will always vote democrat.)
There are times in life when you need to admit "I'm just digging this hole further down", and let it go.
That time for you, in this argument, is now.
However, I know you won't.
Please, keep talking, I find your unabashed partisanship amusing.
Failing to reach a goal is NOT a "lie", by most accounts. It's failing to reach a stated and/or promised goal.
There are different ways to screw up and I am not letting O off the hook in general for screwing that up. But I am bothered by its classification as a "lie" (without having more specific info), being a persnickety nerd about certain things.
Table-ized A.I.