Another Security Breach for Obamacare

[InfoSec News <alerts () infosecnews org>]

http://www.nationalreview.com/article/381640/another-security-breach-obamacare-jillian-kay-melchior

By Jillian Kay Melchior
National Review
July 1, 2014

A Romanian attacker hacked the Vermont health exchange's development 
server last December, gaining access at least 15 times and going 
undetected for a month, according to records obtained by National Review 
Online.

CGI Group, the tech firm hired to build Vermont Health Connect, described 
the risk as "high" in a report about the attack. It also found possible 
evidence of sophisticated "counter-forensics activity performed by the 
attacker to cover his/her tracks."

The report says that no private consumer information was stored on the 
hacked server, and that CGI Group had "verified that no additional servers 
[that may store private data] communicated with any of the identified 
attacker IP addresses."

But Michael Gregg, the CEO of the cyber-security consulting firm Superior 
Solutions, says it's possible the hacker went on to access other parts of 
Vermont Health Connect, covering his tracks and remaining undetected to 
this day.

"There is potential for consumer risk," says Gregg, who has also testified 
to Congress about cyber-security risks for HealthCare.gov. "Best practices 
were not carried out in several respects. All those point to the 
possibility of further or additional breaches, because they have just not 
shown that they have done the due diligence, and without those controls in 
place, it's hard to say. The attacker could have captured passwords on 
additional systems and used those to create different accounts that 
Vermont Health Connect doesn’t know about yet."

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/