Newsroom Hype or Hyperbole? Cyber-security issues with Obamacare Website

Will McAvoy of HBO’s Newsroom acclaim summed it up like this in one episode; “(We) miscalled election results, hyped up terror scares, ginned up controversy, and failed to report on tectonic shifts in our country….We took a dive for the ratings.”  The latest buzz and controversy over the Obamacare website now raises the question whether this is a calculated attack by the Republican Party to further disgrace Obamacare or if in fact there is serious data security issues surrounding the website that could allow cyber criminals an opening for a number of different scams.

It’s a person. A doctor pronounces her dead, not the news.

The testimony at a recent congressional hearing by the House of Representatives Science, Space and Technology Committee, given by several experts addressed some major data security concerns with the newly launched Obamacare website leaving experts to contemplate whether the website was (DOA) dead upon arrival based upon the existing data security protocols in place.  Reuters reported one expert stated, Obama’s site is riddled with security flaws that put user data of millions of people at risk and it should be shut down until fixed.  The website requests and collects personal data such as names, birth dates, social security numbers, email addresses and other information that criminals could potentially use for a variety of different scams.

Reuters further reported the experts said the site needed to be completely rebuilt to run more efficiently, making it easier to protect.   “ runs on 500 million lines of code, or 25 times the size of Facebook, one of the world’s busiest sites”  Morgan Wright CEO of a firm known as Crowd Sourced Investigations testified at the hearing; “When your code base is that large it’s going to be indefensible.” “Do you want to defend the Great Wall of China or a very small line of code?”

I’m on a mission to civilize

Political affiliation aside, organizations when dealing with personally identifiable information (PII) need to perform proper beta testing, threat analysis and have strict security standards in place prior to launching a website or any other internal data protocol.  The same standards placed on Fortune 500 Corporations should also apply to government agencies.  It should be interesting to see how this shakes out and the political stance taken from each side of the aisle.