Three months ago experts first pointed out 20 key flaws in the site, but it appears that none of them have been fixed. David Kennedy, head of computer security consulting firm TrustedSec said that the government has yet to plug more than 20 vulnerabilities that he and other security experts reported to the government shortly after HealthCare.gov went live on October 1.
At the moment hackers could steal personal information, modify data or attack the personal computers of the website's users, he said. They could also damage the infrastructure of the site, according to Kennedy. He added that the holes are alarming and is surprised that no one seems to be fixing any of them. I appears to be a case of "if you like your security holes, you can keep them."