The controversial Obamacare website was hacked in July, according to the US Centers for Medicare and Medicaid Services, though no personal information appears to have been taken during the breach.
Discovered on Aug. 25, the attack exploited a test server used to support the website and was never intended to be online, agency spokesman Aaron Albright said. The server was protected only with a default password.
The error is certainly something that could have been prevented had an admin created a stronger password. Regardless of whether the server itself is connected to the Internet, it is still part of a network which could have given the attacker access to other connected-servers.
The test server was infected with malware which was intended to send DDoS attacks to other websites.
The security breach is just the latest scandal to surface around Healthcare.gov, the health insurance marketplace that was launched by the Obama administration rather unsuccessfully (at least technically speaking) last year. In March, the administration extended its contract with Verizon’s government unit, Terremark, to ensure the smooth transition over to HP.
Healthcare organizations continue to be wary of the security of cloud computing, especially as they are more prone to cybersecurity risks than other sectors including retail. Just last month it was discovered that medical records belonging to 4.5 million patients in the US had been exposed as part of a three-month hacking spree.