If you weren’t already at least a little worried about the security of your personal information on healthcare.gov after all the reports of the total lack of security on the site, maybe it’s time to jump on board and take a second look at the subject. It appears that in fact, we seem to have a rather major potential threat to the entire health care network of the entire United States health care system itself, not just the government website.
Last week, U.S. intelligence agencies urged the Obama administration and the Department of Health and Human Services, to check its new health care network for malicious software after learning that developers linked to the Belarus government which is not friendly to the United States, helped produce the website, causing fresh concerns that private data posted by millions of Americans will be compromised. To be specific, officials warned that programmers in Belarus, a former Soviet republic closely allied with Russia, were suspected of inserting malicious code that could be used for cyber attacks, according to U.S. officials familiar with the concerns.
The software links the millions of Americans who signed up for ObamaCare to the federal government and more than 300 medical institutions and health care providers. “The U.S. Affordable Care Act software was written in part in Belarus by software developers under state control, and that makes the software a potential target for cyber attacks,” one official said.
Cybersecurity officials said the potential threat to the U.S. health care data is compounded by what they said was an Internet data “hijacking” last year involving Belarusian state-controlled networks. The month-long diversion covertly re-routed massive amounts of U.S. Internet traffic to Belarus which is a repressive dictatorship located between Russia, Poland and Ukraine. The combination of the Belarus-origin software, the Internet re-routing, and the anti-U.S. posture of the Belarusian government “makes the software written in Belarus a potential target of cyber attacks for identity theft and privacy violations” of Americans, the official said.
Since the softwarre currently is used in all medical facilites and insurance companies in the United States, security officials urged HHS to immediately conduct inspections of the network software for malicious code. The officials also recommended that HHS use security specialists not related to software vendors for the inspections to reduce further risks.
Officials disclosed the potential software compromise last week after the discovery in early January of statements by Belarusian official Valery Tsepkalo, director of the government-backed High-Technology Park (HTP) in Minsk. Tsepkalo told a Russian radio station in an interview broadcast last summer that HHS is “one of our clients,” and that “we are helping Obama complete his insurance reform.”
