The federal government stored the sensitive personal data of millions of people who purchased insurance through ObamaCare on a network with basic cybersecurity flaws, a federal audit revealed Thursday.
HealthCare.gov, the much-maligned federal exchange for healthcare coverage, suffered from a number of security issues, according to the inspector general at the Department of Health and Human Services (HHS).
HealthCare.gov relies on a $110 million digital repository called MIDAS to store the information it collects.
While MIDAS doesn’t handle medical records, it does store names, Social Security numbers, addresses, passport numbers, and financial and employment information for exchange customers.
According to the report, MIDAS did not encrypt user sessions, which is common practice for most online financial transactions.
The Centers for Medicare and Medicaid Services (CMS), which oversees the site, also apparently failed to perform basic vulnerability scans that might have uncovered weaknesses in the website’s servers.