More than three months into its disastrous rollout, HealthCare.gov is still wide open to hackers despite pleas that date back to October to fix more than 20 vulnerabilities, a group of security experts says. Users' personal information and computers could be commandeered, they tell Reuters, and hackers could damage the site's infrastructure. "These issues are alarming," says one consultant who's set to testify before the House today. "The site is fundamentally flawed in ways that make it dangerous to people who use it," says another; still others recommend it be shut down immediately.
The Centers for Medicare and Medicaid Services, which runs the site, says " security testing is conducted on an ongoing basis" and that "there have been no successful security attacks" or "maliciously accessed personally identifiable information." But Forbes tells of one expert who found vulnerabilities while trying to sign up himself. He tried "at least 15 times" to contact the site, but didn't hear back for more than a month. When he did get a response, "They didn’t want a conversation about how to fix it," says Kristian Erik Hermansen, who contends that the FBI tried to quiet his findings. "I didn't put the vulnerabilities in your site," Hermansen says. "I'm just shining light on it."