Official: Hackers tried repeatedly to attack Obamacare website

By Joe Johns and Stacey Samuel, CNN
updated 5:18 PM EST, Mon November 18, 2013
STORY HIGHLIGHTS
  • There have been more than a dozen attempts to attack the HealthCare.gov website
  • None of the attacks have been successful, officials said
  • Officials also hired an "ethical hacker" to try to find holes in the system
  • HealthCare.gov went live on October 1; beset by internal problems since

Washington (CNN) -- Hackers have attempted more than a dozen cyber attacks against the Obamacare website, according to a top Homeland Security Department official.

The attacks, which are under investigation, failed, said the official.

Authorities also are investigating a separate report of a tool designed to put heavy strain on HealthCare.gov through a so-called distributed denial of service. It does not appear to have been activated.

"We received about 16 reports from HHS that are under investigation and one open source report about a denial of service," according to Acting Assistant Homeland Security Secretary Roberta Stempfley of the Office of Cybersecurity and Communications.

Stempfley testified at a hearing of the House Homeland Security Committee that the attempts were made between November 6 and November 8, but none were successful.

The DDOS program, called "Destroy Obama Care," was recently spotted on a "torrent" file sharing web page, and first reported last week on a blog by Arbor Networks, which said it found no evidence the program had actually been launched to attack the troubled federal portal for consumers to shop for health coverage.

"We have not monitored any attacks. We have not seen any sizable, or anything to believe that these problems are related to DDOS," said Dan Holden, director of security research for Arbor Networks, adding, "I don't believe that the problems with the site's availability is due to any kind of DDOS attack."

In a separate hearing, a top Health and Human Services official, Chief Information Officer Frank Baitman, said his department had engaged an "ethical hacker" on staff to test the defenses of the health care site.

The hacker discovered between seven and 10 items related to attempted security breaches which were disclosed in a report.

Baitman said he would not describe these items as serious and said the majority had been resolved.

The use of hackers employed to test online site security is common, Holden said.

"That's pretty standard practice, generally referred to as penetration testing," Holden told CNN. "There are many companies and individuals out there that have done that for a very long time. The idea being, you want to know where your weaknesses are and what the potential of attacks could be."

But others are still concerned about the security of the site.

In statements made before the House Homeland Security hearing, database expert Luke Chung -- whose company did not work on HealthCare.gov -- provided his technical assessment, saying that the problem with the rollout of the website was far deeper than "too many users."

Chung said that in his estimation the skill set of the designers of the website was subpar, adding that "when you have an environment where the developer can barely get the web site functional, security is way down on the list of things to take care of. Security has to be built-in at the very beginning not at the very end."

But, critical infrastructure protection specialist and CEO of Lunarline, Inc., Waylon Krush told the committee, "There's not a system out there that's perfect in nature, by any means, from a cybersecurity perspective."

"You would assume that for hundreds of millions of dollars it would be a secure site," said Chung.
