Watchdog: Calif. ObamaCare site was vulnerable to hackers

California’s ObamaCare marketplace did not comply with all federal security requirements and could have been vulnerable to hackers, according to an inspector general report released Thursday. 


The federal Department of Health and Human Services Inspector General report found that Covered California, the state’s ObamaCare marketplace, did have some security measures in place, as of June 2014. 

“However, it did not always comply with Federal requirements,” the report states. For example, the marketplace did not perform a “vulnerability scan” to identify weaknesses in its systems, in accordance with federal requirements, the IG finds. 

While the report notes that there was no evidence that any attacks had actually been able to exploit the weaknesses, the report notes that people’s personal information was in danger of being compromised. 

“The weaknesses were collectively and, in some cases, individually significant and could have potentially compromised the integrity of the marketplace,” the report states. 

Covered California agreed with all of the IG’s recommendations and has outlined steps it has taken and will take to implement them, according to the report. 

The marketplace said in a statement that the IG had scrutinized more than 100 aspects of its security.

"We are pleased that OIG recommended improvements to only three security-related items and found no evidence that the weaknesses identified had been exploited," Covered California said. "We have already taken steps to implement each of the recommendations to provide even further protections for our consumers, and we welcome the opportunity to adopt and institute additional measures to strengthen our existing security protocols.” 

Cyberattacks on health insurers have raised concerns recently, including a massive data breach at the insurer Anthem, which exposed the personal information of millions of people. 

This post was updated at 8:21 p.m.