U.S. intelligence agencies warned the Department of Health and Human Services that the Healthcare.gov may have been compromised by contractors from Belarus who worked on developing code for the network who are suspected of inserting malicious code.
“The U.S. Affordable Care Act software was written in part in Belarus by software developers under state control, and that makes the software a potential target for cyber attacks,” an unidentified official familiar with the issue said.
The code in question is used to connect millions of Americans who registered for insurance on the website to the federal government and over 300 medical providers, and potentially puts all their private data at risk of compromise.
Officials said there is also concern over last year’s Internet traffic hijacking that rerouted data through Belarusian state-controlled networks, noting that the nation, which used to be part of the Societ Union, is a repressive dictatorship that is closely aligned with Russia.
“Belarusian President [Alexander] Lukashenko’s authoritarian regime is closely allied with Russia and is adversarial toward the United States,” the official said.
The potential compromise was discovered after Belarusian official Valery Tsepkalo told a Russian radio station “our programmers wrote the program that appears on the monitors in all hospitals and all insurance companies—they will see the full profile of the given patient.”
HHS is investigating the Belarus connection. “So far HHS has found no indications that any software was developed in Belarus. However, as a matter of due diligence, they will continue to review the supply chain. Supply chain risk is real and it is one of our top concerns in the area of cyber-security,” White House National Security Council spokeswoman Caitlin Hayden said.
Read More Here…