The Wall Street Journal reported yesterday that a hacker invaded the HealthCare.gov insurance enrollment site. Apparently the hack occurred in July, and the perpetrator uploaded malware to the system in order to wage future attacks on other sites. However, there is no evidence that the criminal viewed or stole any personal consumer data, and the criminal did not seem to be targeting the healthcare site in particular.
Danny Yadron of The Wall Street Journal was the first to break the story. On the hacker's behavior he comments, "Hackers often take over troves of computers and servers to direct mischief traffic at websites. The rush of traffic, known as a denial-of-service attack, overwhelms the site and knocks it offline." Federal officials assure citizens that the website was simply used as a portal for purposes unrelated to information gathering.
Although the attack appears to have been relatively benign, Michael Astrue, a former Social Security Commissioner, told Forbes the incident constituted "the most widespread violation of the [federal] Privacy Act in our history." The overriding concern now is that the system was weak enough to be breached at all, and may remain vulnerable to more malicious attacks.
This is a huge concern because, by the end of open enrollment, about 5.4 million people had registered for healthcare on the site. Even though the hacked server did not contain sensitive information, it was connected to parts of the website that do. Officials report that areas of the site housing Social Security numbers and other sensitive information were protected by more robust fortifications, so it would have been difficult for the hacker to execute a complete breach.
When handling customers' private, valuable information it is crucial to maintain the strongest security measures available. All organizations, not only retailers, need to take this responsibility seriously. Make sure your company's credit card processing software is secure, giving you and your clients peace of mind.