Obamacare Puts Your Personal Data at Risk

networkneutralityMaybe three million people have signed up for Obamacare. That’s less than half the seven million that the administration expected by the end of open enrollment in March. There are several reasons for this shortfall: Many consumers (especially the young) find the coverage too expensive, many have given up trying to sign up via the website or by phone, and others are simply ignoring the risk that they will be fined (or penalized or taxed) for dodging the mandate to buy health insurance.

However, a large number of consumers would like coverage but are nervous about surrendering personal information to the Obamacare exchanges. They are right to be worried. The Centers for Medicare & Medicaid Services (CMS), which oversees the exchanges, has never had access to so much personal information about so many people. And its history of dealing with data it has collected gives grounds for concern.

Last December, the Government Accountability Office (GAO) published a report with a damning title: Agency Responses to Breaches of Personally Identifiable Information Need to Be More Consistent.

The report is an eye-opener. From 2009 through 2012, the annual number of reported data breaches (affecting personally identifiable data) almost doubled from about eleven thousand to about twenty-two thousand.

CMS was one of the agencies examined by the GAO. During the period, CMS had few data breaches. This is not surprising, because it did not have a consumer-facing website that gathered personal data. Nevertheless, CMS failed to react responsibly to the small number of data breaches it allowed to happen. It neither assessed the likelihood and potential severity of harm associated with those incidents nor determined whether notification to affected individuals was needed. Indeed, according to GAO, “CMS did not document a risk level for 56 of the 58 incidents we reviewed” during the period.

That is: CMS did not bother to even assess the risk of exposing personally identifiable data for 97 percent of security breaches it experienced. And it does not (cannot) notify possibly affected individuals.

And the period examined ended almost two years before the Obamacare exchanges opened for business. Last October, CMS began enrolling people at healthcare.gov, the website for people applying for Obamacare health insurance if they are in a state with a federally run health-insurance exchange Millions have already surrendered personal data to the website.

David Kennedy, a cybersecurity expert who runs a firm called TrustedSec, revealed a startling problem during his testimony at congressional hearings on the security of healthcare.gov. He emphasized the lack of effective security for personal data submitted to the website. One can reasonably expect that he knows what he is talking about. He is a so-called “white-hat” hacker—companies hire him to break into their computers and then tell them how to fix the entry points he discovers. .


Obamacare’s own cybersecurity expert—a government employee—has claimed before congressional committees that everything is hunky-dory. But how can we trust him when the administration refuses to disclose what is going on under the hood of Obamacare?

Between November 27 and December 15, the supermarket Target suffered a breach that allowed hackers access to online customers’ credit-card and shopping data. The company immediately announced the problem, and is taking steps to address the consequences. It has a website dedicated to explaining what it is doing in response to the data breach.

As a private company, Target cannot afford to irritate its customers. The federal government, however, faces no such constraint, and is keeping a tight lid on Obamacare’s website problems.

Given CMS’s terrible history of managing data breaches, Americans reluctant to submit personal data over the Internet are not unduly paranoid. They are exercising reasonable caution. As for those who have already signed up for Obamacare:  How many have already had their personal data compromised? Given the White House’s secrecy regarding Obamacare’s operations, those who have already signed up should also be nervous.

Print Friendly

Leave a Reply

The politically motivated, wrongful prosecution of Rick Renzi

New AG Sessions and Congress Must Investigate DOJ Corruption in the Case of Rep. Rick Renzi
Rick Renzi Puts Together Top Legal Team to Appeal Hidden Evidence of FBI Agent's Corruption
Judge Unbelievably Refuses to Grant a Retrial for Former Rep. Renzi Despite Finding Rampant Prosecutorial Wrongdoing
Bombshell: New Evidence Reveals Prosecutor Corruption in Trial Against Former Congressman Rick Renzi
Time For a Congressional Investigation: Shattering New Developments of Corruption in Rep. Renzi Trial
Judge Unravels Illegal Activity by Prosecution That Ensured a Conviction of Renzi — But Will he do Anything About it?
Former Congressman Renzi Deserves a New Trial
SCOTUS Turns Down Former Rep. Rick Renzi’s Appeal of Legal Assault

Enter your email address:

Delivered by FeedBurner