Good News: parts of healthcare.gov designed by Putin allies

February 4, 2014
Alexander Lukashenko

Belarus President Alexander Lukashenko

Security holes? What are those? And did you hear about Chris Christie closing a bridge in New Jersey??

U.S. intelligence agencies last week urged the Obama administration to check its new healthcare network for malicious software after learning that developers linked to the Belarus government helped produce the website, raising fresh concerns that private data posted by millions of Americans will be compromised.

The intelligence agencies notified the Department of Health and Human Services, the agency in charge of the Healthcare.gov network, about their concerns last week. Specifically, officials warned that programmers in Belarus, a former Soviet republic closely allied with Russia, were suspected of inserting malicious code that could be used for cyber attacks, according to U.S. officials familiar with the concerns.

The software links the millions of Americans who signed up for Obamacare to the federal government and more than 300 medical institutions and healthcare providers.

“The U.S. Affordable Care Act software was written in part in Belarus by software developers under state control, and that makes the software a potential target for cyber attacks,” one official said.

Belarus has been described as Europe’s last Stalinist country, and apparently they work very hard to prove themselves worthy allies of Moscow. According to Gertz’s article, in addition portions of healthcare.gov’s software being designed by an entity controlled by the Belarussian government, last year that same government successfully hijacked massive amounts of US Internet traffic for nearly a month:

According to the New Hampshire-based security firm Renesys, which discovered the data diversion, throughout February 2013, Internet traffic from the United States was sent to Belarus. The purpose likely was to allow hackers or government agencies to sift for data for financial, economic, or government intelligence.

The data also may have been modified for other purposes before being returned to the original U.S. and other foreign destinations.

The bulk diversion technique is called border gateway protocol hijacking. It involves using a series of network addresses to mask the data diversion through numerous Internet hubs around the world.

Renesys traced the data diversion from Washington to New York and Moscow and finally to Minsk, the Belarusian capital. It was returned to the United States via connections in Moscow, Frankfurt, and New York.

Combine the two and you have a very, very big potential problem. Administration officials of course claimed the site was secure and pooh-pooed the idea that nation-states would want to steal personal information, but that’s disingenuous at best.

First, foreign intelligence agencies would very much like to get their hands on conveniently collected personal information, since it would make the creation of solid cover identities for agents much easier. Second, as the article mentions, both the use of a foreign contractor and the internet hijacking make it very easy to implant altered data and even  malicious code to do… lots of stuff. Remember Stuxnet?

The elephant in the room that the administration isn’t talking about is the real danger in this: the PPACA created a wealth of interconnected networks with the Federal Data Services Hub at the center of the spider’s web. This hub is connected to agencies such as the IRS and Homeland Security. Even if Lukashenko isn’t interested in chatting with Putin about Joe Six-Pack’s cholesterol, you can darn well bet they’re both very interested in any security holes that allow their spies access to these other networks and to others connected to them.

And with the ability to divert traffic and implant clandestine code… Critics are right: the whole site needs to be shut down and vetted from top to bottom. Even if Obamacare is eventually repealed and the system dismantled, it’s a huge risk while it’s still operational.

As Instapundit likes to say, we’re in the best of hands.

Moscow’s.

PS: By the way, the now-fired healthcare.gov site builder, CGI Federal, assured the US government that only US contractors were used. Where was the HHS oversight of this?

PPS: Read the whole thing.

RELATED: Between this and Edward Snowden’s invaluable service to Russian intelligence, do we have any secrets from our enemies at all? Also, on a lighter note, Belarus’ Lukashenko is totally not a paranoid nut. Earlier articles about healthcare.gov security vulnerabilities.

(Crossposted at Sister Toldjah)


#Obamacare: insurance companies have no idea who you are

January 9, 2014

"Obamacare has arrived"

“Obamacare has arrived”

Just a glitch, ya know. A glitch that, so far, has left 13,000 people without the coverage they paid for:

Insurance companies are still trying to sort out cases of so-called health insurance orphans, customers for whom the government has a record that they enrolled, but the insurer does not.

Government officials say the problem is real but under control, with orphan records being among the roughly 13,000 problem cases they are trying to resolve with insurers. But insurance companies are worried the process will grow more cumbersome as they deal with the flood of new customers who signed up in December as enrollment deadlines neared.

More than 1 million people have signed up through the federal insurance market that serves 36 states. Officials contend the error rate for new signups is close to zero.

Insurers, however, are less enthusiastic about the pace of the fixes. The companies also are seeing cases in which the government has assigned the same identification number to more than one person, as well as so-called “ghost” files in which the insurer has an enrollment record but the government does not.

But orphaned files — when the insurer has no record of enrollment — are particularly concerning because the companies have no automated way to identify the presumed policyholder. They say they have to manually compare the lists of enrollees the government sends them with their own records because the government never built an automated system that would do the work much faster.

“It’s an ongoing concern,” said Robert Zirkelbach, a spokesman for the industry trade group America’s Health Insurance Plans. “Health plans can’t process enrollments they haven’t received from the exchange.”

So, you can’t keep the health plan you liked, and now you can’t get the service you were forced to pay for because the government can’t process the records properly.

As Instapundit likes to say, “We’re in the best of hands.”

via Townhall

(Crossposted at Sister Toldjah)


California: Governor Brown panicking over High-Speed Rail? Updated.

January 8, 2014
Boondoggle

Boondoggle

From The Sacramento Bee’s Dan Walters. It looks like Governor Brown, faced with recent legal defeats for his “Train to Nowhere,” may be starting to panic:

Jerry Brown may be getting desperate about keeping the state’s increasingly unpopular – not to mention financially and legally challenged – bullet train project alive.

Faced with a judge’s insistence that the project follow the law about having its financial ducks lined up, Gov. Brown is now poised to shift money from the state’s “cap-and-trade” fees on greenhouse-gas emissions into the bullet train.

Brown, it’s been reported in The Bee and elsewhere, will propose in his 2014-15 budget that a portion of the fees being extracted from California business be committed to the bullet train.

Problem is, the money my fellow Californians allocated (1) to fight global warming climate change the evil demon threatening Gaea is “hardwired” by statute; the court may not accept that as a funding source sufficient to let construction go forward. Even if it does, the legislature, whose dominant leftist faction gets a lot of donation money from environmentalist groups, may not agree to reallocate the funds. But, if they do, and if the judge accepts this as a legal source of funds for Jerry’s Choo-Choo, it may still set up the mother of all Blue-on-Blue battles in Sacramento as environmentalist groups and their voters will likely raise an unholy stink over any money being diverted from their religious crusade.

And, when that happens, I’m doubling my popcorn order. smiley popcorn

Footnote:
(1) Passed in a fit of  “It’s for the environment! It must be good!!” Look, I live in a beautiful state and consider myself a conservationist (But not an environmentalist. I don’t join cults.), but passing a crippling new tax to fight a problem that does not exist was stupid and self-destructive for the state. Unfortunately, that’s what you get when an electorate votes with less consideration of the issues than they give to buying a head of lettuce.

UPDATE: There is no way I’m taking Moe Lane’s bet. That’s a sucker’s bet if I ever saw one.

(Crossposted at Sister Toldjah)


Hospital not paying doctors and staff, blames #Obamacare contractor

January 2, 2014

"Seen over Fordow?"

“Obamacare reveals its true face”

Oh, this is just grand. On top of all the other problems we’ve suffered through so far with Obamacare, now a hospital treating Medicare patients hasn’t been reimbursed by the government and thus hasn’t been able to pay its staff for weeks. Over Christmas. The blame? Apparently it lies with the same contractor hired by the Obama administration to build the back-end payments system for healthcare.gov:

Dozens of employees at a hospital in northeast Houston have had to make it through the holidays without getting paid for weeks. The CEO of Saint Anthony’s Hospital on Little York is blaming a new Medicare payment contractor for his payroll problems.

Nearly 150 employees, ranging from doctors to nurses and administrators, haven’t been paid in nearly a month, and the CEO says it’s not his fault.

(…)

The hospital is strapped for cash not because its not making money, but because Leday says a new Medicare payment facilitator named Novitas Solutions is taking too way long to pay out Medicare claims to the hospital.

Leday says he’s owed nearly $3 million in payments from Medicare and can’t make payroll.

According to the ABC-13 article, the Texas AMA says that other community hospitals in the state are facing similar payment problems with Novitas. So, what happens to Medicare patients when unpaid doctors stop providing services because they haven’t been paid, or the pharmacists stop filling prescriptions? Aren’t these the very people this anti-constitutional monstrosity of a law was supposed to help? Or should we just make physicians serfs of the state, as one Democrat proposed?

Via Jeryl Bier, who adds this about Novitas’ link to healthcare.gov:

Novitas’s direct connection to Healthcare.gov stems from an emergency, no-bid contract for “financial management services” awarded in August and first reported by THE WEEKLY STANDARD in September.  The services required included accounting, tracking of accounts receivable and accounts payable, documenting funds collected by CMS, and data validation, among other things.  CMS justified the no-bid award because the “prospect of a delay in implementing the Marketplace by the operational date of January 1, 2014, even for a few days, would result in severe consequences, financial and other” and that the services required were “beyond what was initially anticipated and beyond CMS’ currently available resources.”

In light of Novitas’ performance in Houston, I can’t wait to see what this government contractor no-bid crony can do for the whole nation.

PS: There’s a video report at the ABC link.

(Crossposted at Sister Toldjah)


New malware hijacks your computer, encrypts files

December 20, 2013
"Just a glitch"

“Shouldn’t have opened that email”

This one’s insidious and perfectly timed for the holidays: a malware bomb disguised as an innocent-looking package tracking email:

It’s called cryptolocker ransomware.

Kevin Swindon is with the FBI in Boston.

“I would think about this particular type of malware as what would happen if your computer was destroyed,” Swindon said.

In the past 90 days, thousands of people worldwide have opened a seemingly innocuous link to track a holiday package. Suddenly, all the files on their computer are encrypted.

Joan Goodchild is the editor of “CSO,” Chief Security Officer magazine based in Framingham.

“This is a criminal operation. They are holding your folders and files ransom. We call this ransomware because that is exactly what it is. You need to pay in order to have access to them once again.”

And that’s what the Swansea police department did, paying $750 to unlock their computers. One wonders what happened to the poor schlimazl who first opened that email.

This is also a timely reminder to be careful about what emails you open. I’m sure almost anyone reading this has received “phishing” messages, fakes that look like they’re from real companies, but really want you to log into their fake web site so they can steal your ID and password. Some of them are so badly done, they’re funny, others are pretty slick pieces of work. This is more vicious, hijacking your system and extorting ransom to get it back.

Take my advice: if you receive email from a company where you have an account (such as Amazon, eBay, PayPal, &c…) that looks at all suspicious, don’t open it; instead, forward it to their security address. They’ll let you know if it’s real or not, and they’re very interested in tracking down fraudsters.

To borrow a line from Hill Street Blues, “Let’s be careful out there.”

(Crossposted at Sister Toldjah)


#Obamacare Chronicles: So, you think you now have coverage, eh?

December 3, 2013
"Obamacare has arrived"

“Obamacare has arrived”

Let’s consider an all-too common occurrence in our Brave New World of affordable healthcare for all: You’re one of the many millions of individual insurance buyers who’s had his policy cancelled in the last few weeks, because of the Affordable Care Act and how the Democrats wrote the rules. You’re annoyed, but you sigh and realize you have to go to the Obamacare exchanges — you need the coverage, and it’s the “law of the land.” So, in spite of crashing web sites, higher premiums, bigger co-pays, outrageous deductibles, benefits you don’t need, and smaller provider networks, you finally find a policy you can live with. You grit your teeth, submit your application, and received a confirmation that, as of January 1st, 2014, you will still have health insurance.

Congratulations! You are an Obamacare success story!

Eh… Not so  fast, Doc:

Bob Shlora of Alpharetta, Ga., was supposed to be a belated Obamacare success story. After weeks of trying, the 61-year-old told ABC News he fully enrolled in a new health insurance plan through the federal marketplace over the weekend, and received a Humana policy ID number to prove it.

But two days later, his insurer has no record of the transaction, Shlora said, even though his account on the government website indicates that he has a plan.

“I feel like this: My application was taken … by a bureaucrat, it was put on a conveyor belt and it’s still going around, and it’s never going to leave the building,” he said. “I’ve lost hope. If it happens, great.”

Obama administration officials acknowledged today that some of the roughly 126,000 Americans (1) who completed the torturous online enrollment process in October and November might not be officially signed up with their selected issuer, even if the website has told them they are.

Oops! Must be one of those darned glitches. Curse that Republican obstructionism!

Mr. Shlora’s problem may have to do with what’s called an “834,” something used to convey all the necessary data to set up your account with the insurance company. These are transmitted every evening from by the government to the insurers. Trouble is, many of them are garbage:

Insurers report that, in some cases, 834s are coming in wrong. That’s a much more serious problem than the online traffic bottlenecks that have dominated coverage of the health-care law’s rollout.

If people can’t get into the Web site, then they simply have to come back later. But if they believe they’ve signed up for a plan but their 834 is a garbled mess — or, even worse, clear but wrong — it could mean chaos when they actually go to use their health insurance. For that reason, inside the health-care industry, the 834 problems are the glitch that is causing the most concern.

To back up a moment: 834 transmissions aren’t new. They have been around for decades as the standard form that employers use to tell their insurance companies which workers are on their health insurance plan each month.

An 834 transmission contains enrollment data like an individual’s social security number, their dependents and the plan that they picked. That data is, obviously, critical: If it comes in wrong, an applicant may not get the right plan, or family members may not be covered, or identity may not be verifiable.

In other words, like Mr. Shlora, you could wind up thinking you have coverage when you really don’t. That quote is from a Washington Post article dated October 23rd; Shlora signed up for his plan a full month later, yet was still left uncovered. Apparently those problems haven’t been fixed, in spite of Obama’s “tech surge.”

For the first few weeks after the Obamacare rollout, the insurance industry could handle these problems by fixing the 834s manually, since the web site’s traffic problems meant that only a few applications were getting through, anyway. But, with the front end getting closer to actually working (Most of the time. Kind of.) and with the deadline to apply and pay in order to be covered on January 1st fast approaching, a lot more people are going to be buying plans. Or so the government hopes. And all those people have to have their data sent by that same electronic system.

But ask yourself this: if these 834 problems still aren’t fixed, how many more people are going to buy coverage and then go to the doctor in 2014, only to be told the insurance company has no record of them? When you’re sick and need to see a doctor, the last thing you want to hear is “Wait a few days. A healthcare.gov specialist will get back to you.” The government claims 80% of the 834 problems have been fixed. So, 20% of the potentially hundreds of thousands of people signing up won’t have the coverage they thought they had — or any at all?

If the administration thinks they’re getting bad press now, just wait until that storm hits.

I’ll end with a good question from Mr. Shlora:

“The White House announced that they have met their goal,” he said of the much-touted improvements to the website. “They are taking applications but they aren’t going anywhere. What kind of goal is that?”

Under Obama, Bob, it’s good enough for government work.

RELATED: Speaking of the Obamacare site back-end and 834s, the administration refuses to share data on the error rate for transmissions to insurance companies. Anyone still think they have this problem fixed? Bueller? But, don’t worry: Obama is going to make a speech to reassure everyone that Obamacare is OK and everyone should remain calm.

Footnote:
(1) That’s 126,000 over two months, when the goal is seven million by the end of March. So, with 40% of the enrollment period past, the administration has hit 1.8% of its goal. And some people wonder why Democrats are panicking.

(Crossposted at Sister Toldjah)


It’s not just #Obamacare that’s a flaming wreck

December 2, 2013
x

Obama Green Tech adviser at work

Remember all the public money “invested” in supposedly Green electric vehicles of the future? Seems like a fair portion of it has gone up in smoke. National Review has a brief summary of electric vehicles that have caught fire. Here’s one:

2. A parked Chevy Volt combusts.
In 2011, Bloomberg reported that a Chevy Volt in Wisconsin had ignited. Ironically, the car was parked outside a National Highway Traffic Safety Administration testing center where it had undergone tests three weeks earlier. The blaze was big enough to burn other nearby vehicles, according to reports.

If electric vehicles do ever catch on –as opposed to catch fire– it will be when there is a genuine economic demand for them, not a government mandate.


CNN performs on-air test of HealthCare.gov website that’s been declared ‘fixed’

December 2, 2013

“Fixed” is a relative term. It’s like an auto mechanic telling you your car can now make it a whole half-mile before breaking down. Just don’t give it too much gas…


White House expresses total confidence in #Obamacare web site

November 30, 2013
"Obamacare"

“The Obamacare Express”

Remember that December 1st deadline to have healthcare.gov actually working? Hey, they even had a tech surge and everything! So, they’re going to be ready and millions will flock to the site, right? Right??

Eh… Well?

White House officials, fearful that the federal health care website may again be overwhelmed this weekend, have urged their allies to hold back enrollment efforts so the insurance marketplace does not collapse under a crush of new users.

At the same time, administration officials said Tuesday that they had decided not to inaugurate a big health care marketing campaign planned for December out of concern that it might drive too many people to the still-fragile HealthCare.gov.

With a self-imposed deadline for repairs to the website approaching on Saturday, the administration is trying to strike a delicate balance. It is encouraging people to go or return to the website but does not want to create too much demand. It boasts that the website is vastly improved, but does not want to raise expectations that it will work for everyone.

In other words, it’s nowhere near ready and, let’s face it, they’re going to find even more bugs as they dig deeper into the system, while some of the fixes are sure to create problems of their own. As of a week ago, the payment system was nonexistent (You don’t get covered until you pay), while the system to pay insurers the subsidy money is months away from being ready.

But, yeah, everything will be copacetic tomorrow.

Via Walter Russell Mead, who has this to say on the potential political consequences:

Remember that many Democrats have cited December 1st (tomorrow!) as the deadline for the website. It doesn’t have to be perfect, but if healthcare.gov isn’t working reasonably well by then, many are contemplating distancing themselves publicly from the law. The White House’s attempts to direct people away from the site on and even after that date can’t be doing much to convince Democrats that the site will be ready. The website may be, as the administration claims, getting better all the time. But if Democrats frustrated with a missed December deadline defect from the administration in the coming weeks, continued, gradual improvement might be too little, too late.

I’m beginning to think Charles Krauthammer may be right: Democrats will be the ones who will put an end to Obamacare, just to try to save themselves.

PS: Back from Thanksgiving with the family. I hope you all had a great day. :)

(Crossposted at Sister Toldjah)


#Obamacare: Cover Oregon reduced to telling people to use a fax to apply

November 25, 2013
"An Obamacare navigator ready for action"

“An Obamacare navigator ready for action”

Forward!

KOIN 6 News confirmed Cover Oregon has added dozens of extra fax lines to handle the paper applications being sent in by fax.

On Wednesday, King said they had received about 24,000 paper applications. That number now is closer to 30,000. But many people complained of busy signals when trying to send in their application by fax.

Michael Cox, the Cover Oregon spokesperson, said their office has one fax number but it’s an electronic interface that can handle more than one call at once. When a fax comes in it takes two seconds per page to be transferred into the server.

When the paper applications began, Cover Oregon was only able to take 500 applications per day. It was upped to 1000, and this week increased to 1500 per day.

Cox said he’s absolutely confident Cover Oregon has the capacity to deal with the applications.

Because nothing says “health care of the future” like using technology invented in the 19th century.

(Don’t forget, all those faxed-in applications still have to be entered into the nonfunctional exchange.)

via Hot Air


Perspective: Building the #Obamacare web site vs winning WWII

November 9, 2013
D-day history

And yet Obama can’t build a working web site.

Via Twitchy, FOX’s Bret Baier read an email from a viewer on his show and then posted it to his web site. Obama and his fans liked to compare him to FDR. I wonder how they’ll like it now:

“Putting things in perspective: March 21st 2010 to October 1 2013 is 3 years, 6 months, 10 days.  December 7, 1941 to May 8, 1945 is 3 years, 5 months, 1 day.  What this means is that in the time we were attacked at Pearl Harbor to the day Germany surrendered is not enough time for this progressive federal government to build a working webpage.  Mobilization of millions, building tens of thousands of tanks,  planes, jeeps, subs, cruisers, destroyers, torpedoes, millions upon millions of guns, bombs, ammo, etc. Turning the tide in North Africa,  Invading Italy, D-Day,  Battle of the Bulge, Race to Berlin – all while we were also fighting the Japanese in the Pacific!!  And in that amount of time – this administration can’t build a working webpage.”

Boom.

(Crossposted at Sister Toldjah)


#Obamacare opening day: worse than we thought

November 6, 2013
"Obamacare has arrived"

“Obamacare has arrived”

No wonder they could only sign up six people nationwide:

The contractor documents are an up-close look at the asteroid field of issues with the Obamacare launch.

According to the war room notes: On day one, October 1, the system mistakenly rejected 90% of Medicaid applicants. The next day, estimates counted 40,000 people in the HealthCare.gov waiting room, while just 100 people had enrolled. By day three, it was clear that insurers were not getting the data for people who had signed up for their plans.

Systemwide issues were compounded by more isolated problems. On day six, Utah asked to shut down its exchange because the main insurance provider in the state had not been able to set up its template in the system. A few days later, on October 9, contractor notes say that the entire system has skipped some questions or information for 30% of all applicants.

But they’ll have things fixed for the post-Thanksgiving rush to meet the December 15th deadline for having coverage by New Year’s Day. You betcha.

I’d call this a clown-car operation, but then I would have to find a clown to apologize to.

via Bryan Preston, who notes that, even after all the problems, some people are still true believers.

(Where “true believers” means “suckers.”)

(Crossposted at Sister Toldjah)


#Obamacare: more healthcare.gov security holes

November 5, 2013
"Just a glitch"

“Just a glitch”

This thing is so wide-open, even I could hack it:

While a spokeswoman for Health and Human Services told CBS that steps had been taken to fix that particular problem, in this instance repairing a faulty software code, experts told reporter Jan Crawford that multiple security issues remain, including with usernames and passwords.

As a test, CBS gave one technology expert the real healthcare.gov username of a CBS employee, and within seconds, he identified the specific security question she used to reset her password.

Sean Henry, the former assistant director of the FBI’s cyber division, said the security issues need to be taken seriously.

“If somebody’s got the ability to look at a source code and able to reverse-engineer that and identify what somebody’s personal questions are, that should be of concern,” Henry said.

No, really?

So, let’s add data and identity theft to the sure to come Obamacare disasters, along with doctor shortages, insurance cancellations, sticker shock, benefits shock, a non-functional web site, more takers than payers, lost jobs, and a part-time nation.

Thanks, Democrats!

PS: CBS video report at the Washington Free Beacon site.

(Crossposted at Sister Toldjah)


Another #Obamacare web site security screw-up

November 2, 2013

Obama foreign policy advisers

Healthcare.gov site design team

Via Andrew Malcolm, this one’s a beaut:

Justin Hadley logged on to HealthCare.gov to evaluate his insurance options after his health plan was canceled. What he discovered was an apparent security flaw that disclosed eligibility letters addressed to individuals from another state.

“I was in complete shock,” said Hadley, who contacted Heritage after becoming alarmed at the breach of privacy.

Hadley, a North Carolina father, buys his insurance on the individual market. His insurance company, Blue Cross Blue Shield of North Carolina, directed him to HealthCare.gov in a cancellation letter he received in September.

After multiple attempts to access the problem-plagued website, Hadley finally made it past the registration page Thursday. That’s when he was greeted with downloadable letters about eligibility — for two people in South Carolina.

Hadley and one of the men to whom the letters were addressed, Attorney Elgin Dougall of South Carolina, have since been trying to get the mess straightened out, but the HHS “help lines” seem to be of no help.

Read the whole thing. As I wrote before, there is no way short of the threat of death that I am going anywhere near healthcare.gov.

(Crossposted at Sister Toldjah)


Glorious #Obamacare victory as millions sign up on first day!

October 31, 2013
"Train wreck"

“Train wreck”

Wait. Did I say “millions?” What I meant was “six.” As in six people enrolled on the first day.

In the entire nation:

For 31 days now, the Obama administration has been telling us that Americans by the millions are visiting the new health insurance website, despite all its problems.

But no one in the administration has been willing to tell us how many policies have been purchased, and this may be the reason: CBS News has learned enrollments got off to an incredibly slow start.

Early enrollment figures are contained in notes from twice-a-day “war room” meetings convened within the Centers for Medicare and Medicaid Services after the website failed on Oct. 1. They were turned over in response to a document request from the House Oversight Committee.

The website launched on a Tuesday. Publicly, the government said there were 4.7 million unique visits in the first 24 hours. But at a meeting Wednesday morning, the war room notes say “six enrollments have occurred so far.”

They were with BlueCross BlueShield North Carolina (1) and Kansas City, CareSource and Healthcare Service Corporation.

By Wednesday afternoon, enrollments were up to “approximately 100.” By the end of Wednesday, the notes reflect “248 enrollments” nationwide.

The health care exchanges need to average 39,000 enrollees a day to meet the goal of seven million by March 1.

Let’s see. Six enrollments divided by 4.7 million visits equals a success rate of…. 0.000001276595745 percent.

Somehow, I think they’re going to have trouble meeting that goal of 7 million.

Footnote:
(1) We can safely assume none of these were Sister Toldjah. ;)

(Crossposted at Sister Toldjah)


#Obamacare site security: worse than we thought?

October 31, 2013
"Obama foreign policy advisers"

“Obamacare implementation team”

I told you there was never “just one roach.” Just two days after learning of at least one easy hack to access private data at healthcare.gov and just one day after HHS Secretary Kathleen Sebelius swore up and down that site security was her department’s top priority, we have the former head of the Social Security Administration telling us the administration deliberately broke privacy laws to rush the site out by October 1st:

In an interview with NBC News, a former top government official raised his own questions about the site’s security, and about the healthcare.gov’s privacy protections. Michael Astrue, the Bush appointee who served as head of the Social Security Administration from 2007 until early this year, said that the Obama administration exempted the website from many federal privacy protections, potentially making the personal data on healthcare.gov accessible to a range of government and private entities, including the Department of Homeland Security to credit agencies.

“There were shortcuts taken on the information technology,” said Astrue, “and there were shortcuts taken in terms of adherence to the laws that protect our rights.”

According to Astrue, concerns about privacy protections were the subject of debate within the administration before launch. But Astrue said that his warnings that the site’s design should not contravene the Federal Privacy Act were ignored. “I was extremely upset,” said Astrue. “First of all they were violating the statute. Second, there would be real world consequences for Americans.”

Three weeks after healthcare.gov launched, administration officials granted 13 exemptions to the Privacy Act permitting sensitive personal data being entered into healthcare.gov and the state health insurance exchanges to be shared with agency contractors, consultants, the Department of Homeland Security, state and local governments, employers and family members. The exemptions are displayed in fine print on healthcare.gov.

“Don’t worry,” the administration might say. “The people handling this data will only access it at need and would never, ever abuse it. I pinky swear!” Well, after revelations about the IRS leaking confidential tax returns and NSA employees spying on ex-spouses and lovers, let’s just say I don’t have much confidence in this “official promise:”

In a statement, a spokesperson for the Department of Health and Human Services told NBC News, “When consumers fill out their online Marketplace applications, they can trust that the information they’re providing is protected by stringent security standards and that the technology underlying the application process has been tested and is secure.”

But let’s assume for the moment that all these people at all levels, federal, state, and private, are all honorable and would never misuse their privileges. There’s still the very big question of technological security, itself. We know now the prime contractor, CGI Federal, told the government last summer that it was very concerned about the lack of adequate security testing. The government itself was worried about a “high security risk.” And we know that obtaining user information during the system’s first three weeks of operation was frighteningly easy. Just how secure are all these various computer systems at all these myriad levels? And what about the pipes and hubs through which the data has to flow? How about software bugs no one knows of yet, maybe introduced by the very fixes HHS is working on?

And what about the thousands of users, themselves? How many of them, not malicious but still careless, are using easy to crack passwords? Their child’s first name? Their birthdate? Their driver’s licence number? As Congressman Mike Rogers (R-MI) told Sebelius:

“You have exposed millions of Americans because you all, according to your memo, believed it was an acceptable risk,…”

This structure has a million potential holes in it, just waiting for data thieves to strike, and Astrue’s description of the administration’s cavalier attitude toward security turns this from a worry to a disaster in the making.

PS: I don’t know about you, but I’m stunned that it’s NBC reporting this.

(Crossposted at Sister Toldjah)


#Obamacare horror story: Whether you want it or not, you *will* be enrolled

October 30, 2013
satire shock surprise

“A hair-raising tale!”

Right on time for Halloween, you have to check out this Storify from Twitter user “Nied’s Dead Horse.” Having decided to create an account at healthcare.gov to browse the available options, Nied took a look around and closed her browser. She did not pick a plan, she did not enroll, and she was assured by an online rep that she could not be enrolled without actively choosing a plan. Reassured, she logged off.

But something nagged at her, so she logged back on to double check. This is what she found:

Makes you wonder where all those high Medicaid enrollment numbers are coming from, doesn’t it? How many more have been signed up and not told?

Back to Nied, she found she could not remove Medicaid from her “My plans” section. Repeated calls to multiple telephone “help” numbers were useless. They couldn’t tell her whether it was a just web site error or whether she was really enrolled –illegally!– in Medicaid. They couldn’t explain to Nied how this happened and instead just muttered something about a –wait for it– “glitch.” One they’ve known about for days!

This is utterly appalling. This bug-laden web site, which HHS and the White House knew wasn’t ready to go, isn’t just crashing. It’s signing people up for Medicaid (and other programs?) whether they qualify or not — or even want it. And then it won’t let them go.

Was this thing designed by Dr. Forbin?

Think of the possibilities: if it’s signing people up erroneously for Medicaid, is it also assigning browsers to other plans? If a user actually chooses a plan, does Obamacare “helpfully” put them in a different one? Or what about the opposite: you think you’ve signed up for the right plan, then the system drops you and you find yourself unknowingly but illegally without insurance in 2014?

Don’t forget the huge security hole that was just revealed. Between that and the system signing up people for Medicaid whether they want it or not, they don’t need to just fix this system, they need to shut it down entirely and destroy the data before something truly tragic happens.

And, by the way, between you and me? There is no way on God’s green earth that I am logging onto that web site. I was mildly curious before and had considered taking a look, but, after this… Picture me running away, very fast.

via Cuffé

(Crossposted at Sister Toldjah)


Beyond a glitch: massive security hole found in Obamacare site software

October 29, 2013
"Just a few bugs"

“Just a few bugs”

Yet another reason to feel secure in the knowledge that the government is forcing people into this system under penalty of law:

Until the Department of Health fixed the security hole last week, anyone could easily reset your Healthcare.gov password without your knowledge and potentially hijack your account.

The glitch was discovered last week by Ben Simo, a software tester in Arizona. Simo found that gaining access to people’s accounts was frighteningly simple. You could have:

  • guessed an existing user name, and the website would have confirmed it exists.
  • claimed you forgot your password, and the site would have reset it.
  • viewed the site’s unencrypted source code in any browser to find the password reset code.
  • plugged in the user name and reset code, and the website would have displayed a person’s three security questions (your oldest niece’s first name, name of favorite pet, date of wedding anniversary, etc.).
  • answered the security questions wrong, and the website would have spit out the account owner’s email address — again, unencrypted.

Armed with the account holder’s email address, a person with malicious intent could easily track down their target on social media, where they’d likely discover the answers to those security questions.

It wouldn’t have even taken a skilled hacker. Anyone with bad intentions — and a minimal understanding of how to read a website’s code — could have figured it out. While such an attack might not have yielded your Social Security number or health information, it would have exposed your address and phone number.

But, don’t worry. Rest easy. They’ve fixed that problem… After the site had been operating for three weeks.

Remember, there’s never just one roach.

(Crossposted at Sister Toldjah)


Don’t forget Obamacare’s electronic medical records wreck

October 23, 2013

You think the enrollment problems with the Obamacare web site are bad, just wait until they start handling patient records.


#Obamacare fiasco: in which Kathleen Sebelius stars in “Liar, Liar”

October 23, 2013
"Liar"

“Liar”

The Obamacare rollout has been such a PR disaster for the administration (and a real disaster for real Americans), the administration has been forced to deploy its sure-fire, can’t miss defense — the President didn’t know:

President Barack Obama didn’t know of problems with the Affordable Care Act’s website — despite insurance companies’ complaints and the site’s crashing during a test run — until after its now well-documented abysmal launch, the nation’s health chief told CNN on Tuesday.

In an exclusive interview with Health and Human Services Secretary Kathleen Sebelius, CNN’s Dr. Sanjay Gupta asked when the President first learned about the considerable issues with the Obamacare website. Sebelius responded that it was in “the first couple of days” after the site went live October 1.

“But not before that?” Gupta followed up.

To which Sebelius replied, “No, sir.

And it would have worked, too, except for that darned Inspector General:

But the inspector general for HHS issued a report (PDF) at the beginning of August noting that the Centers for Medicare & Medicaid Services missed multiple deadlines for testing and reporting data security risks in connection with signing up on the healthcare exchanges as they barreled toward the launch date.

“Several critical tasks remain to be completed in a short period of time, such as the final independent testing of the Hub’s security controls, remediating security vulnerabilities identified during testing, and obtaining the security authorization decision for the Hub before opening the exchanges,” said the report from Deputy Inspector General for Audit Services Gloria L. Jarmon to CMS Administrator Marilyn Tavenner and Chief Information Officer Tony Trenkle.

…and…

This Aug. 2 report was hardly a secret confined to HHS. Senate Minority Leader Mitch McConnell (R-Ky.) used the report to call on the administration to not force people onto healthcare exchanges when the government was missing testing deadlines and benchmarks on the security of personal and financial data.

But now the administration, through its meat-puppet Kathleen Sebelius, would have us believe that President Obama didn’t know about the problems with healthcare.gov. Just like he didn’t know about the security weaknesses at Benghazi, or the harassment of Americans exercising their First Amendment rights by the IRS, or the rifling through the phone records of the AP, or the surveillance of FOX reporter James Rosen. He just heard about it on the news. Like Eric Holder in the Fast and Furious scandal, Obama’s excuse is that he isn’t culpable because he was ignorant.

It’s the “Being There” presidency, and Obama is “Chauncey Gardiner!”

Liars.

(Crossposted at Sister Toldjah)


Follow

Get every new post delivered to your Inbox.

Join 12,173 other followers