Researcher Sounds Alarm On State Health Exchange Security

Jaikumar Vijayan | Computerworld | November 7, 2013

Cursory review of three sites shows them to be buggy and easily exploitable

Several state healthcare exchanges established as part of the Affordable Care Act (ACA) appear buggy and easy to attack, a security researcher warned this week.

Kyle Adams, chief software architect for Juniper Networks' Junos WebApp Secure intrusion detection technology, said a cursory examination of some state health insurance sites revealed coding issues that make the sites vulnerable to attackers.

Adams says he didn't have to conduct penetration tests or even log in to the sites to discover the problems. Instead, he identified potential security issues merely by reviewing the HTML and HTTP traffic between his computer and the websites using a web debugging proxy tool.