Obamacare Website Targeted About 16 Times by Cyber Attacks
Surprisingly small number reported for such a high-profile target, experts said.
Nov. 13, 2013— -- The troubled Affordable Care Act website has been subject to "a handful" of hacking attempts, including at least one intended to bring the site down, a Department of Homeland Security official told lawmakers today.
But considering that some federal websites get hundreds of cyber-assaults each day, the approximately 16 reported attacks on healthcare.gov is a surprisingly small number, experts said.
Assistant Secretary Roberta Stempfley told members of the House Homeland Security Committee that her agency had received "about 16 reports" from the Department of Health and Human Services that are under investigation.
While the number of hacking attempts for such a "high profile target" may seem low, Robert Siciliano, a McAfee online security expert, told ABCNews.com that it's likely the agency is reporting only "brute force attacks."
"Little tiny ones that happen on a daily basis, like attempting to crack passwords, they may see them but they add up to nothing. They're probably reporting significant brute force attacks that could put data at risk," Siciliano said.
In comparison, the Department of Homeland Security website logged about "228,700 cyber incidents" during the last fiscal year, a DHS official told ABCNews.com, which averages out to about 626 a day "involving federal agencies, critical infrastructure, and the Department's industry partners."
Exclusive: Obamacare's Mystery Woman Says She Fell Victim to Cyberbullies
"The fact there was only 16 is surprising. Maybe those 16 are the documented ones," he said of healthcare.gov. "Due to the fact there are consumers punching in personal identifying info, that makes it a very attractive target."
During her testimony today, Stempfley said at least one of the attempts involved a Distributed Denial of Service (DDoS) attack, in which a hacker tries to flood a website with junk inquiries until it overloads and crashes the servers.
Stempfley said the DDoS attack did not succeed. However, she did not elaborate on the hacking techniques used in the other documented attempts and what, if any, damage was done.
Obamacare Enrollee Numbers to Fall Far Short
When asked by Rep. Cedric Richmond, D-La., if she would be willing to enter her personal information into the system on healthcare.gov, Stempfley did not give a direct yes or no answer to the question.
"I, like all of us, put my information in a variety of systems and applications whether it be my bank, whether it be Health and Human Services," she said.
The hearing was the second today concerning cyber-security issues on the Affordable Care Act website.
Siciliano said consumers should "always be concerned" their data is at risk, but recommended they stay safe online by installing the most up-to-date antivirus software, browser and operating system.
On Tuesday, the Obama administration, after technical fixes to the website, began summoning frustrated consumers back to the troubled online health insurance portal to try again.
The Center for Medicaid and Medicare Services said it began mailing 275,000 Americans who attempted to create an account on the website shortly after Oct. 1, but could not do so because of software glitches.