There are a bunch of reports floating around about a security researcher’s apparent “hack” of healthcare.gov. They all relate back to this post by a researcher at TrustedSec. He claims to have done some kind of Google search that reveals 70,000 pieces of personal data. I read through the post and its four updates and I sure as hell can’t tell what he is claiming to have exposed via Google. It certainly isn’t a “security breach”, he didn’t “hack” anything, and the potential impact of whatever he did is clear as mud. Yet I’m sure it will get plenty of press.
Here’s something that won’t: the Obama Administration, which recently fired CGI Federal, the healthcare.gov contractor, handled the healthcare.gov situation pretty shrewdly last Fall. One alternative would have been to root through CGI’s contract and find every way to charge them back for error and delay. That would have been satisfying in the short term, but it might have ended up like Bixi, the bike sharing service. Bixi just declared bankruptcy, in part because cities where Bixi operates are trying to collect over $16 million from Bixi due to software delays. Hopefully, those cities will still be able to operate their bike sharing services when it warms up, but I doubt it will go smoothly, since I’ll bet that quite a few Bixi software engineers are looking for employment from a company that has a little more rosy future.
Don’t get me wrong: I hope the Obama Administration puts CGI Federal into bankruptcy over healthcare.gov, but only well after the site has been transitioned to the new contractor, Accenture.