Daily Kos

Yikes! That's definitely a serious issue which needs to be addressed ASAP, right?

Well...you know, except for the part where the actual article specifically states that "when they attempted to exploit it like a malicious hacker would, they were blocked by the system's defenses."

So...you know, not quite so "critical" after all, I guess.

However, there's one other little problem. You might note that there appears to be a typo in the third paragraph, which lists the start of Open Enrollment as November 15, when in fact it's actually November 1st; the HHS Dept. moved the start date up two weeks this year.

Here's the problem: That's no typo. Or, more accurately the entire article is a typo.

Here's what I mean...check out this AP Newswire article from September 23, 2014...exactly 1 year and one day earlier:

Obamacare website plagued by ‘critical' flaw, inspector general finds

The government's own watchdogs tried to hack into HealthCare.gov earlier this year and found what they termed a critical vulnerability - but also came away with respect for some of the health insurance site's security features.

Those are among the conclusions of a report being released Tuesday by the Health and Human Services Department inspector general, who focuses on health care fraud.

The report amounts to a mixed review for the federal website that serves as the portal to taxpayer-subsidized health plans for millions of Americans. Open enrollment season starts Nov. 15.

So-called "white hat" or ethical hackers from the inspector general's office found a weakness, but when they attempted to exploit it like a malicious hacker would, they were blocked by the system's defenses.

It's the second independent security assessment in as many weeks to find problems, and it comes on the heels of the massive breach at Home Depot stores, which affected 56 million credit and debit cards.

The public version of the report is a condensed, heavily edited summary of detailed findings delivered to the Obama administration.

The "2015 version" is still posted as of 12:10am Friday. Here's the screen shot if you doubt me:

On the one hand, I'm assuming this was an honest mistake which will soon be corrected.

On the other hand, it's been over 6 hours and the story is still posted on at least one Tampa Bay/Sarasota, Florida newspaper website (and possibly their print edition as well?), just 5 weeks before the Open Enrollment period starts again. In addition, of course, no one who's read the "2015 version" has any idea that this refers to a year-old technical issue which was fixed nearly a year ago.

Anyone know who to contact at the AP to fix this??
See Update x2 below

UPDATE: Thanks to Michael Hiltzik of the L.A. Times for reminding me that I even wrote a blog entry about this exact story when it originally ran one year ago!!

Headline: "Critical Flaw at HC.gov!!" Article: "Blocked by System Defenses"

UPDATE x2: Thanks to Eileenb in the comments for noting that re-posting the story yesterday appears to be a screw-up by the local news station (WTSP, Tampa Bay/Sarasota), not by the AP itself...it looks like WTSP simply re-published the story from the AP archives.

Of course, this doesn't change the fact that the "Critical Flaw" headline was still bullshit in the first place.

Also, WTSP still has the article posted as of 8:40am Friday morning.

Title updated to reflect clarification.

UPDATE x3: Oh for heaven's sake. It turns out there really is a different, new AP story regarding other security issues at Healthcare.Gov...although, once again, according to the CMS division, those issues have already been resolved:

The government stored sensitive personal information on millions of health insurance customers in a computer system with basic security flaws, according to an official audit that uncovered slipshod practices.

The Obama administration said it acted quickly to fix all the problems identified by the Health and Human Services inspector general's office. But the episode raises questions about the government's ability to protect a vast new database at a time when cyberattacks are becoming bolder.

...The flaws uncovered by auditors included issues of security policy — where mistakes can have bigger consequences — as well as 135 database vulnerabilities, of which nearly two dozen were classified as potentially severe or catastrophic.

Among the policy mistakes: User sessions were not encrypted, contrary to standard practice on financial websites. "Not doing so is inexcusable for such sensitive data," said Michelle De Mooy, deputy director for consumer privacy at the Center for Democracy & Technology, an Internet rights group.

...In a written response to the audit, Medicare administrator Andy Slavitt said that "the privacy and security of consumers' personally identifiable information are a top priority" for his agency. Slavitt said all of the high vulnerabilities were addressed within a week of being identified, and that all of the IG's recommendations have been fully implemented.

The Medicare agency is conducting weekly vulnerability assessments of MIDAS, and an annual security review, Slavitt said.

If so, that would rule out it being intentional...but it's still a pretty bad mistake which should be corrected. As of 9:30am, it still hasn't been...

UPDATE x4: Holy crap on a stick, this really IS a MASSIVE FAIL for the AP after all. Check out my follow-up story over at ACASignups.net.