US
U.S. Health and Human Services Secretary Kathleen Sebelius attends an event held in observance of World AIDS Day at the White House in Washington December 2, 2013. U.S. President Barack Obama and his HealthCare.gov website face another critical test starting this week, as Americans who have been unable to enroll in health coverage under Obamacare rush to a site that continues to face challenges.

REUTERS/Kevin Lamarque  (UNITED STATES - Tags: POLITICS HEALTH) - RTX161D1 U.S. Health and Human Services Secretary Kathleen Sebelius attends an event held in observance of World AIDS Day at the White House in Washington December 2, 2013. U.S. President Barack Obama and his HealthCare.gov website face another critical test starting this week, as Americans who have been unable to enroll in health coverage under Obamacare rush to a site that continues to face challenges. REUTERS/Kevin Lamarque (UNITED STATES - Tags: POLITICS HEALTH) - RTX161D1  

‘A hacker’s wet dream:’ ‘World’s most wanted hacker’ SLAMS Obamacare website security

Photo of Patrick Howley
Patrick Howley
Political Reporter

The man formerly known as “The World’s Most Wanted Hacker” told Congress that the HealthCare.gov Obamacare enrollment website clearly “did not consider security as a priority.”

“It would be a hacker’s wet dream to break into healthcare.gov,” said Kevin Mitnick, once the world’s most wanted cybercriminal and now a top cyber security consultant, in written testimony before the House Science, Space and Technology Committee.

“After reading the documents provided by David Kennedy that detailed numerous security vulnerabilities associated with the healthcare.gov web site, it’s clear that the management team did not consider security as a priority,” Mitnick wrote.

“Healthcare.gov retrieves information from numerous third-party databases belonging to the IRS, Social Security Administration, Department of Homeland Security, and other State agencies. It would be a hacker’s wet dream to break into healthcare.gov and potentially gain access to the information stored in these databases. A breach may result in massive identity theft never seen before — these databases house information on every U.S. citizen!” Mitnick wrote.

“It’s shameful the team that built the healthcare.gov site implemented minimal, if any, security best practices to mitigate the significant risk of a system compromise or access to consumer proprietary information,” Mitnick wrote.

Mitnick, the founder and CEO of Mitnick Security Consulting, was a fugitive of the law before his 1995 arrest and subsequent conversion to cyber defender. He is now a security consultant for Fortune 500 companies and does work for government agencies.

The White House has opposed a House bill to require the administration to provide Congress with weekly reports on Obamacare website functionality problems and other Obamacare issues. As The Daily Caller reported this week, Department of Health and Human Services Secretary Kathleen Sebelius has failed to provide a plan to guard against website security breaches and Obamacare-related fraud, according to Republican Rep. Diane Black.

Follow Patrick on Twitter