The Centers for Medicare and Medicaid Services, the agency responsible for Obamacare, have confirmed that hackers were able to breach a server for HealthCare.gov on July 8. More specifically, the intruders gained access to a development server that programmers were using to test code before it went live. The server, which was protected only by the default manufacturer password, was not supposed to be connected to the Internet, but it was.
Officials said the hackers did not steal any personal information in the attack; rather, they installed malware on the server so that it could be used for distributed denial of service (DDoS) attacks.
Security experts say the problems may be more comprehensive than the government is admitting. “There are fundamental flaws in how they’re coding the website and it’s going to take a long, long time to fix it,” David Kennedy, chief executive of the information security firm TrustedSec LLC, said. “It continues to be a really big glaring security hole.”