HealthCare.gov audit reveals 'critical' cybersecurity risks

Staff -

A federal audit has found the health records of millions of HealthCare.gov users have been stored in a computer system with basic security flaws, according to an Associated Press report.

MIDAS, the $110 million electronic database used to store the information of registered HealthCare.gov users, does not include medical information, but does contain Social Security numbers, names, birth dates and phone numbers.

The flaws, uncovered by HHS auditors, included 135 database vulnerabilities, some of which were labeled potentially severe or catastrophic. Security lapses ranged from unencrypted user sessions and failure to conduct automated vulnerability scans to software bugs.

The Medicare agency is now conducting weekly MIDAS vulnerability assessments and has addressed all of the auditor's findings within a week of their identification, according to a statement from Medicare administrator Andy Slavitt.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.