Expert to warn Congress of HealthCare.gov security bugs
A respected security expert will warn Congress on Tuesday that the Obama administration's healthcare website has security flaws that put user data at a "critical risk," despite recent government assurances the data are safe.
"There are actual live vulnerabilities on the site now," David Kennedy, head of computer security consulting firm TrustedSec, told Reuters ahead of his testimony at a congressional hearing on the topic "Is My Data on HealthCare.gov Secure?"
Kennedy, a former U.S. Marine Corps cyber-intelligence analyst, said his firm has prepared a 17-page report describing some of the problems. It does not go into specifics in some areas, he said, because that could provide criminals with a blueprint for launching attacks.
(Read more: Obamacare may need a taxpayer bailout: Ex-HHS head)
"There is a lot of stuff that we are not publicly disclosing because of the criticality of the findings," he said. "We don't want to hurt people."
Kennedy and other security experts have warned that vulnerabilities on the site pose risks to the security of user data since shortly after its Oct. 1 launch.
At the end of last month, a Sept. 27 government memorandum surfaced in which two U.S. Department of Health and Human Services officials said the security of the site had not been properly tested before its launch, creating "a high risk."
When the memo surfaced on Oct. 30, government spokeswoman Joanne Peters said steps had been taken to ease security concerns since the memo was written, and that consumer data was secure.
(Read more: How 3 coders created a DIY fix to HealthCare.gov)
"When consumers fill out their online Marketplace applications, they can trust that the information they're providing is protected by stringent security standards and that the technology underlying the application process has been tested and is secure," she said at the time.
Peters said on Tuesday she could not immediately comment on Kennedy's findings.