A respected security expert will warn Congress on Tuesday that the Obama administration's healthcare website has security flaws that put user data at a "critical risk," despite recent government assurances the data are safe.
"There are actual live vulnerabilities on the site now," David Kennedy, head of computer security consulting firm TrustedSec, told Reuters ahead of his testimony at a congressional hearing on the topic "Is My Data on HealthCare.gov Secure?"
Kennedy, a former U.S. Marine Corps cyber-intelligence analyst, said his firm has prepared a 17-page report describing some of the problems. It does not go into specifics in some areas, he said, because that could provide criminals with a blueprint for launching attacks.
(Read more: Obamacare may need a taxpayer bailout: Ex-HHS head)
"There is a lot of stuff that we are not publicly disclosing because of the criticality of the findings," he said. "We don't want to hurt people."