Most of the news lately has been about Target and how hackers stole the personal information of about 40 million Target shoppers. Some of the private information is now being sold on the black market. What would happen in the event someone or some country hacked healthcare.gov? Absolutely nothing because the law is written where they assume no liability if your personal information is stolen or compromised on healthcare.gov or the various state exchanges.
But at least Target informed its customers of the security breach, as it is required by federal law to do. HealthCare.gov faces no such requirement; it need never notify customers that their personal information has been hacked or possibly compromised. The Department of Health and Human Services was specifically asked to include a notification requirement in the rules it designed for the health-care exchanges, but HHS declined.
The Federal Register tells the tale about what happened on March 27, 2012, at a meeting on the issue.
At that meeting, two commenters asked HHS to ensure the exchanges would promptly notify affected enrollees in the event of a data breach or unauthorized access to the exchange’s databases. One commenter suggested that a full investigation be launched each time such a breach occurred, with the goal of holding hackers legally and financially accountable for breaking into the website.