Hacker: Obamacare Site Has Major Security Flaws A cybersecurity expert says it could take a year to secure the risk of 'high exposures' of personal information on the federal Obamacare online exchange.

By Matthew J. Belvedere

This story originally appeared on CNBC

It could take a year to secure the risk of "high exposures" of personal information on the federal Obamacare online exchange, a cybersecurity expert told CNBC on Monday.

"When you develop a website, you develop it with security in mind. And it doesn't appear to have happened this time," said David Kennedy, a so-called "white hat" hacker who tests online security by breaching websites. He testified on Capitol Hill about the flaws of HealthCare.gov last week.

"It's really hard to go back and fix the security around it because security wasn't built into it," said Kennedy, chief executive of TrustedSec. "We're talking multiple months to over a year to at least address some of the critical-to-high exposures on the website itself."

The Department of Health and Human Services—which oversaw the implementation of the website—was not immediately available for comment.

Another online security expert—who spoke at last week's House hearing and then on CNBC—said the federal Obamacare website needs to be shut down and rebuilt from scratch. Morgan Wright, CEO of Crowd Sourced Investigations said: "There's not a plan to fix this that meets the sniff test of being reasonable."

Last month, a Sept. 27 government memorandum surfaced in which two HHS officials said the security of the site had not been properly tested before it opened, creating "a high risk."

HHS had explained then that steps were taken to ease security concerns after the memo was written, and that consumer information was secure. Technicians fixed a security bug in the password reset function in late October, the agency said.

But on CNBC, Kennedy disputed those claims, saying vulnerabilities remain on "everything from hacking someone's computer so when you visit the website it actually tries to hack your computer back, all the way to being able to extract email addresses, users names—first name, last name—[and] locations."

Government officials and contractors have been working around the clock for weeks, releasing fixes on HealthCare.gov nightly with the goal of meeting the Obama administration's self-imposed deadline of the end of the month to have the site working smoothly.

"When you look at the site itself, it could be really good. It could do really well. They're just not building the security into the site itself," said Kennedy. "Putting your information on there is definitely a risk."

The federal portal serves 36 states not operating their own health insurance exchanges. Fourteen other states and the District of Columbia run their own marketplaces. All of them launched on Oct. 1 as part of the Obamacare provision mandating most Americans have health-care coverage for next year or face tax penalties.

Kennedy said those state-operated exchanges also face security risks. "These are going to be a large area for attack." He pointed to a problem on the Vermont website on Friday. Officials overseeing the Vermont Health Connect website confirmed a security breach on the system last month.

When it comes to securing personal information online, Kennedy cited Amazon,Facebook, and Twitter as models for the industry. He even said the IRS website does regular testing to help "ensure that when the websites come out they're protected."

Matt Belvedere is a veteran journalist at the intersection of where live television news programs and the Internet meet -- developing and managing an online and social media presence for CNBC's flagship morning show, "Squawk Box."

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Devices

The Last Pen You'll Ever Have to Buy — Never Run Out of Ink Again With the ForeverPen

The world's smallest inkless pen is durable, portable, and built to last.

Devices

Save 45% on an iPad Air With This Holiday Sale

You got gifts for everyone else—now it's time to treat yourself.

Leadership

The End of Bureaucracy — How Leadership Must Evolve in the Age of Artificial Intelligence

What if bureaucracy, the very system designed to maintain order, is now the greatest obstacle to progress?

Business News

A New Hampshire City Was Named the Hottest Housing Market in the U.S. This Year. Here's the Top 10 for 2024.

Zillow released its annual lists featuring the top housing markets, small towns, coastal cities, and geographic regions. Here's a look at the top real estate markets and towns in 2024.

Making a Change

Expand Your Global Reach with Access to More Than 150 Languages for Life

Unlock global markets with this language-learning platform.