Another day, another security breach. Officials from the Ministry of Health and Social Services announced a hacker breached the security of the site HealthCare.gov in July. Fortunately, no personal data was taken during this violation. That news comes as no doubt a big sigh of relief for the 5.4 million Americans who have used the site, particularly in the wake of a massive Home Depot violation . However, it is disturbing that the violation happened in a government of any website. Even more troubling is the fact that it took over a month to discover. As scary as the retail violations, violation a government website is scary.
So what was the purpose, otherwise data theft?
The Wall Street Journal, the attack was discovered on August 25 during a security analysis. A survey showed that the hacker gained access to a test server for the website and download malware. The purpose of this software download should not steal data but to help in the creation of what is known as a "denial of service" attacks against other websites. These attacks involve directing traffic from multiple computers and servers to a single site. The rush of traffic overwhelms the site, he hits offline. HealthCare.gov was chosen by the hacker from several websites they are looking for vulnerabilities. This particular test server should not be connected to the Internet and there was a default password. It does not contain customer's personal data, and nothing has been transmitted from the server to the outside. Investigators determined that this evidence is the website of the Health was not taken to particularly target.
What the HealthCare.gov breach mean to me?
HealthCare.gov requires users to provide a large amount of personal information when buying insurance. If the hacker was able to access the server where personal data is stored, it is possible that could have exposed the names of people, addresses, social security and phone numbers, email addresses and more. Fortunately, because no data was stolen, there is not much anyone needs to do at this stage. However, this should serve as a reminder that nothing on the Internet is completely foolproof. As a proactive measure, it is a good idea to consider signing up for identity theft protection so you're ahead of the bad guys.
identity theft protection services monitor your personal information online to make sure it is not sold or traded. These services also offer assistance if your information will be stolen to help restore your name. Some services also keep an eye on your credit reports. In the wake of recent security vulnerabilities, you may have noticed companies offering free protection against identity theft to affected customers. While this is a nice gesture, often the services are not as complete as others. We recommend Identity Guard TrustedID or for those who want the best protection. You can learn more about these services and others in our examination of protection against identity theft.