Exclusive: HealthCare.gov Users Warn of Security Risk, Breach of Privacy

[Lee J <lee () riskbasedsecurity com>]

http://blog.heritage.org/2013/11/02/exclusive-healthcare-gov-users-warn-of-security-risk-breach-of-privacy/

Justin Hadley logged on to HealthCare.gov to evaluate his insurance options
after his health plan was canceled. What he discovered was an apparent
security flaw that disclosed eligibility letters addressed to individuals
from another state.

“I was in complete shock,” said Hadley, who contacted Heritage after
becoming alarmed at the breach of privacy.

Hadley, a North Carolina father, buys his insurance on the individual
market. His insurance company, Blue Cross Blue Shield of North Carolina,
directed him to HealthCare.gov in a cancellation letter he received in
September.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.