First there was the UPS store breach, then came JP Morgan Chase. We could have put any number of Hollywood celebs in the seat with the SelfieGate incident, but given the nature of the images we felt that would have been in poor taste. Home Depot was also a clear contender given the speculation that their breach could be broader than Target’s when all is said and done. But we ultimately went with HealthCare.gov.
An outside attacker broke into the HealthCare.gov insurance website in July and uploaded malicious software on a test server, according to federal officials and reported by the Wall Street Journal last week. "Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted," HHS said in a written statement. With mid-term elections around the corner and given all their past technical woes, this was that last thing HealthCare.gov needed. Sure no data was lost (this time), but the fact that the test server was connected to the Internet, didn’t have any security software, and was protected by the default password from the manufacturer makes their security team look like a bunch of amateurs. This registration site serves almost 5 million US consumers in 36 states – better batten down those security hatches, HealthCare.gov, you are still a ripe target for hackers.
Related ArticlesThe Security Hot Seat: Personal Device Encyption
This week' s Hot Seat features the latest issue in the debate on personal privacy vs. national securitySecurity Hot Seat: Chip and PIN
The Latest Payment Card Security Technology in this Week's Hot SeatSecurity Hot Seat: Unpatched Drupal 7 Sites Compromised
The Open Source CMS Leader in the Hot Seat after Announcement of Widespread Compromise