Website Security Fail: USA Obamacare Websites Were Not Fully Tested for Security

Understand the Law and Online Security for Your Website

At the end of 2013, one of the final elements of Obamacare rolled out with a brand-spanking new government website designed for millions of Americans to shop for low cost health insurance online. This website, along with dozens of health care exchange websites launched in multiple states, have all been part of massive changes being made to health care benefits as a result of the Patient Protection and Affordable Care Act. Opening up the health care marketplace to allow consumers to pick and choose their own benefits is the goal of reform in a financially defunct medical system.

According to news reports, and several other state health care websites were not fully tested beforehand – exposing the sensitive and personal information of thousands of consumers in just the first few hours post-launch. The website errors were discovered as consumers began receiving identity theft alerts immediately after completing information on the health care exchange websites.

A CBS news analysis revealed that, “key tests to ensure the security and privacy of customer information on troubled Obamacare website fell behind schedule.” This was reportedly caused by repeat changes in Obamacare updates and testing delays as web developers raced to beat proposed deadlines. Standard security testing that protects website code was not finished, making it easy to reverse engineer the code and steal millions of pieces of information from registrants. This major government FAIL essentially left hackers a key to the back door.

What’s the Problem?

While it may seem like a simple oversight, the real problem here goes much deeper than a security snafu. The overwhelming problem that caused this was a lack of adequate project management on behalf of the development team who designed the website. Henry Chao, the Chief Project Manager for, advised the Centers for Medicare and Medicaid Services that he believed the website to be safe. He also stated that a missing memo that outlined important security risks nearly a month before the website launch never made its way to his desk.

With proper planning and management, the laws could have been adhered to and website security may have been prioritized. Yes, there were deadline problems and a lot of pressure to launch the websites by October 1st , but at what cost? Once again the American people have been treated as second best to a government agenda coming from the White House. The government still stands by its dedication to protect the safety and security of citizens, however this recent issue causes many to doubt this promise.

What’s the Solution?

Obviously, and as suggested by several security agencies, the website should be taken down and tested for high level compliance. CBS News correspondent, Jan Crawford, reported that, “House Intelligence Committee Chairman Rep. Mike Rogers, R-Mich indicated that taking the website down temporarily to test it would be wise. Independent reviews by former FBI cyber-security representatives back this up.

However, as of this article, the website is still live and being advertised heavily on other media. You may have noticed the commercials on television advising people to get online to complete their applications for health care benefits. It’s as if the government just wants Americans to turn a blind eye to this.

What Can Your Business Learn from this Website Fail?

First, we have learned that in order to successfully launch a website, you need a seasoned team of website professionals including a capable project manager with above-average time management and communication skills. Second, there must be a system for managing the security of your website code and any information provided by your customers. Website security and upkeep is critical to success in any online business, protecting you and your customers from information theft and damages.

Website security measures can include multiple layers of protection, including malware and spam blocking, firewalls and secure logins. You’ll want to use a reputable server to host your website on, and trustworthy coders to create the layout and structure of your website from the code up. Website security also means putting measures in place to alert users of access and security issues, so that your team can promptly handle any problems.

The world is an increasingly dangerous place, therefore your website development and maintenance needs to be supported by a company that understands this (FX Digital). Don’t let your website become another security fail story.

Leave a Reply

Your email address will not be published.