Minnesota and seven other state Obama exchanges are vulnerable to a certain cyberattack that can reveal customers’ usernames and passwords, according to a local ABC News affiliate report.
Minnesota Obamacare exchange MNsure failed in a simulated WiFi attack by tech firm Computer Forensic Services, along with seven out of 12 other exchanges tested.
Even HealthCare.gov — which technology experts have alleged is incredibly unsafe — is “coded much more securely than the MNsure webpage is,” according to Mark Lanterman, of Minnesota tech firm Computer Forensic Services.
“MNsure is vulnerable to a type of WiFi attack where hackers can intercept user names and passwords,” Minnesota ABC local reported.
Of the 12 other state exchanges Lanterman tested for the WiFi weakness, 7 failed. Maryland, Colorado, D.C., Hawaii, Nevada, New Mexico and New York are also vulnerable to the same type of attacks, the study found.
MNsure spokesmen denied any weakness in its WiFi protections, instead blaming the weakness on users, the local outlet reported.
While the security of consumers’ extensive information — including Social Security numbers, identifying information, financial data and even limited health information — has been criticized in many federal and state exchanges, MNsure’s security was compromised even before the exchange launched.
Hundreds of Social Security numbers from local insurance agents were unwittingly sent to the wrong person in September, before any customers put their information into the system. But the unencrypted Microsoft Excel spreadsheet of private data, so easily shared with the wrong party, raised questions about MNsure’s internal security procedures.
Lanterman’s analysis found that state exchanges in Kentucky, Rhode Island, Massachusetts, California and Vermont were not vulnerable to this type of WiFi attack.
Vermont, however, is under fire for a different type of security breach, which revealed the Social Security number and other personal data of one user.
A Vermont consumer who applied on the exchange website received his own application for insurance in the mail — from an unnamed sender, not the state exchange itself.
“On the back of the envelope was hand-written ‘VERMONT HEALTH CONNECT IS NOT A SECURE WEBSITE!’,” according to an incident report.
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact licensing@