According to Fox News today, requests to make public documents related to the security of software and systems behind the healthcare.gov site were denied. Why?
The talking points here speak of fears that the information might be used by hackers, and are an exercise in “security by obscurity.” Translation? The site is so insecure that making such information public will lead to hacks because the security flaws have not been fixed yet.
Many colleagues in this industry have been involved in the work leading to the rollout of the exchanges, and subsequent management and issue resolution. Many, many times I have heard and experienced that security of the exchanges came as an afterthought in the mad scramble simply to get them launched last October. Instead of having sound, baked-in security from the beginning, the Federal government and State exchanges are now trying to bolt it on, without the benefit of a reliable security baseline.
Simply trusting the government with security is insufficient. Organizations need to exercise due care and due diligence, particularly if and when decisions are made to push employees to the exchanges as cost-saving measures. Consumers as well need to demand answers and honest assessments of the security of their most private and personal information. These sites are not secure and we need to understand why and what is being done to make them secure.