
Default password sees US Govt Healthcare website hacked

Most hacks don't hit the headlines, but when it's the US Government's HealthCare.gov that's hacked, you can be sure it'll make the news. A hacker, still unknown to authorities, recently compromised HealthCare.gov's insurance enrolment website. According to the Department of Homeland Security, once the hacker had gained access, they proceeded to upload malicious software to target the site's visitors.

If it weren't such a serious breach, the attack vector would be comical: the 'hacker' gained access simply by using the default password, which hadn't been changed. The reason for the 'oversight' was that the server was in a 'test environment' used by the development team.

An investigation was said to have concluded that no personal data was illegally accessed during the attack, but it's yet another example of an organization being compromised for failing to take the most basic of security measures: using strong passwords to protect business-critical systems.

No matter how stressful, time-pressured or complex development projects may become, it's crucial to give proper consideration to the security that underpins them. While it may seem like an acceptable shortcut, cutting corners on security can end up costing more time in the long run and do untold reputational damage should weaknesses be exploited. Neglecting security during development is a common fault that hackers are only too keen to exploit - the US Government being the latest red-faced victim. If you have a test environment within your business, ensure that your developers take the same precautions that you'd expect them to take with live websites - and protect access with strong passwords.
