Heathcare.gov, the online hub for the Affordable Care Act’s insurance exchanges, remains “at risk” to attempts to pry into data and disrupt service, according to a new Government Accountability Office report.
The report, released on Tuesday, concluded that “while [the Centers for Medicare & Medicaid Services] has taken steps to protect the security and privacy of data processed and maintained by the complex set of systems and interconnections that support Healthcare.gov, weaknesses remain both in the processes used for managing information security and privacy as well as the technical implementation of IT security controls.”
The report comes after news that a Healthcare.gov server was hacked in July, although it did not result in any data or consumer information being stolen or any other damage to the site.
GAO cited several areas where CMS had fallen short of best practices, writing they had not “always required or enforced strong password controls, adequately restricted access to the Internet, consistently implemented software patches, and properly configured an administrative network.”
The next open enrollment period to sign up for health insurance through Healthcare.gov’s online exchanges begins on Nov. 15. Last year’s inaugural enrollment period was marred by technical problems at the start, but more than 8 million people ended up acquiring private insurance through the law after the administration implemented a series of emergency fixes. A number of studies and surveys have found that the number of uninsured Americans has dropped precipitously since the exchanges and an accompanying Medicaid expansion in many states went into effect.