Tipsheet

Healthcare.gov Hacked in July

Comforting: Yesterday, reports came out detailing how HealthCare.gov was apparently hacked in July, and government officials were unaware of the security breach until last week. While no personal information was leaked, malware was uploaded. Still, officials are warning that things could have been a lot worse.

Wall Street Journal has more:

Investigators found no evidence that consumers' personal data were taken or viewed during the breach, federal officials said. The hacker appears only to have gained access to a server used to test code for HealthCare.gov, the officials said.

The server was connected to more sensitive parts of the website that had better security protections, the officials said. That means it would have been possible, if difficult, for the intruder to move through the network and try to view more protected information, an official at the Department of Health and Human Services said. There is no indication that happened, and investigators suspect the hacker didn't intend to target a HealthCare.gov server.

The prospect nevertheless raised concerns among federal officials because of how easily the intruder gained access and how much damage could have occurred.

The hacking was made possible by "security weaknesses," including never changing the default password that came with the server.

HealthCare.gov is the Obamacare health insurance exchange website for the 36 states without state-run exchanges.

Let's hope the government changes the server's password to something a little more secure than "Password1234."