Monday, February 3, 2014

HHS searching for malware from Belarus in Obamacare software... “Every shred of data one would need to steal your identity or access your confidential credit information would be available at the fingertips of a skilled hacker, producing a staggering security threat”

The Belarusian Connection: Obamacare network vulnerable to cyber attack - Washington Free Beacon

U.S. intelligence agencies last week urged the Obama administration to check its new healthcare network for malicious software after learning that developers linked to the Belarus government helped produce the website, raising fresh concerns that private data posted by millions of Americans will be compromised.

The intelligence agencies notified the Department of Health and Human Services, the agency in charge of the Healthcare.gov network, about their concerns last week. Specifically, officials warned that programmers in Belarus, a former Soviet republic closely allied with Russia, were suspected of inserting malicious code that could be used for cyber attacks, according to U.S. officials familiar with the concerns....

Officials disclosed the software compromise last week after the discovery in early January of statements by Belarusian official Valery Tsepkalo, director of the government-backed High-Technology Park (HTP) in Minsk.

Tsepkalo told a Russian radio station in an interview broadcast last summer that HHS is “one of our clients,” and that “we are helping Obama complete his insurance reform.”

“Our programmers wrote the program that appears on the monitors in all hospitals and all insurance companies—they will see the full profile of the given patient,” Tsepkalo said June 25 on Voice of Russia Radio.

White House National Security Council spokeswoman Caitlin Hayden said an intelligence report on the Belarusian software was “recalled by the intelligence community shortly after it was issued.”

...House Permanent Select Committee on Intelligence Chairman Rep. Mike Rogers (R., Mich.) said he was surprised by media reports from Belarus indicating “some parts of Healthcare.gov or systems connected to it may have in fact been written overseas.” He called for an independent security review of the Obamacare website.

Rogers said he was especially concerned by the potential software vulnerability because a CGI executive, Vice President Cheryl Campbell, testified to Congress that all software work for the network had been done in the United States.

“We need an independent, thorough security evaluation of this site, and we need the commitment from the administration that the findings will be acknowledged and promptly addressed,” Rogers told the Free Beacon.

“I continue to call on HHS to shut down and properly stress test the site to ensure that consumers are protected from potential security risks from across the globe.”

...According to HHS, between Oct. 1 and the end of the year, 1.9 million people signed up for healthcare through the federal website. Another 956,000 enrolled through state websites. More than 55 million people visited both the federal and state websites.

The threat of data diversion is compounded by the discovery last year that Belarus covertly diverted massive amounts of U.S. Internet traffic to Belarus.

According to the New Hampshire-based security firm Renesys, which discovered the data diversion, throughout February 2013, Internet traffic from the United States was sent to Belarus. The purpose likely was to allow hackers or government agencies to sift for data for financial, economic, or government intelligence.

Obamacare data hub looms as privacy threat - USA Today (Rep. Mike Rogers, chairman of the House Intelligence Committee)