Insurance Exchanges Address Access Woes

Fine-Tuning Systems to Improve Performance
Insurance Exchanges Address Access Woes

IT leaders at state health insurance exchanges across the nation, as well as at the federal level, were fine-tuning their systems this week as consumers had trouble accessing the exchanges or completing applications for health plan coverage due to high volumes of traffic and other glitches.

See Also: Close the Gapz in Your Security Strategy

For example, the CIO of the Washington state exchange reported having to adjust its Web server bus and backend servers to accommodate sporadic use patterns. And in Connecticut, the exchange's hosting facility and traffic managing vendor had to make adjustments to improve consumers' access to the online marketplace. Meanwhile, federal officials were fine-tuning, the website behind many of the exchanges.

Neither state exchange CIO reported any issues caused by the partial government shutdown, which led to furloughing of more than 40,000 workers, or 52 percent of staff, at the Department of Health and Human Services. HHS reported that many of its employees responsible for exchange-related activities were among those being retained during the shutdown.

Security experts warned that the exchanges need to protect themselves against becoming targets of cybercriminals, including those with political motives or other malicious intent. In addition, they said consumers attempting to enroll in health plans on these online exchanges need to take precautions, such as making sure they're visiting the genuine insurance marketplaces, and not entering personal information into imposter sites.

"There's no evidence that any of the problems the exchanges have had so far were due to cyber-attacks or cybercriminals ... but the long-term risks are there," says Matthew Prince, co-founder and CEO of CloudFlare, a provider of cloud security services. "These exchanges are big targets."

The state health insurance exchanges, called for under federal healthcare reform, are online marketplaces where consumers and small businesses can enroll in health plans. Sixteen states are operating their own exchanges, while 34 states are either partnering with the federal government or are having the federal government run their exchanges.

Ironing Out Wrinkles

On Oct. 1, consumers using the Washington state health insurance exchange on its opening day experienced slow loading times or difficulty completing their applications, exchange officials said. To remedy the issue as quickly as possible, the exchange was put into maintenance mode to help identify and correct the issues. The site was shut down for a while on Tuesday during the maintenance, but brought back online later in the day.

Overnight, more work was done to smooth out problems for Day 2 of the exchange, says Curt Kwak, CIO. "After a long night of additional maintenance, the performance of the Washington Health Plan Finder is at our expected levels," he told Information Security Media Group on Oct. 3.

One technical change made was to "adjust the velocity in our web server bus, as well as back-end servers to accommodate ... sporadic use patterns from the general public," Kwak says.

While it's conceivable that these new health insurance exchanges could become targets for political sabotage by malicious attackers, Kwak is convinced the problems encountered by the Washington marketplace on Oct. 1 weren't due to nefarious causes.

"We are confident that the issues were not due to any attacks, such as a DDoS [distributed-denial-of-service] attack because we were able to identify the flow of track levels and content of the traffic and they seemed valid," Kwak says.

The CIO estimates the exchange had nearly 32,000 visits on Oct. 1. "It was a lot of traffic on the first day, as anticipated," he says.

Contingency Planning

James Wadleigh, CIO of Access Health CT, the Connecticut insurance exchange, faced a different technical issue that contributed to some customer access delays. "The one issue that impacted customers was with our hosting facility and our traffic managing vendor needing to add some server names to our environment," Wadleigh says. "Once this was done, impacted customers were able to access the site without delay."

Overall, the launch went relatively smoothly, Wadleigh says. "For a system of this complexity and size, we do have glitches and I expect that we will continue to find items as we have more and more users on our site asking questions," he adds.

"We struggled with planning volumes and planned for the worst possible scenarios," he says. But as of the evening of Oct. 1, volumes had not exceeded "our high expectations," he adds.

If traffic eventually exceeds expected volumes, the exchange has a contingency plan that would allow it to "give Connecticut residents priority [access], and then put out-of-state customers in a waiting room scenario," he says. "This is similar functionality that you would see while trying to purchase popular concert tickets when they go on sale."

Consumer Awareness

Besides the exchanges themselves needing to defend against cyberthreats, consumers need to take precautions as well.

That includes being aware of spoofed sites that are run by criminals looking to steal personal information for ID theft and other fraud.

"Any time there's a spike in Internet traffic related to a specific event, there's a spike in malware infections," says Alvin Estevez, CEO of Spyware Remove, which provides anti-malware technology.

Estevez advises that when shopping for healthcare coverage, "never use your browser to search for healthcare options. Instead, go to these trusted government sites or use your state's site to guide you."

He added: "We can already tell that the bad guys are gearing up. We've analyzed the search results for a number of terms [such as] 'Obamacare' and 'new healthcare plan' and can see the signs that trouble is brewing."

Prince of CloudFlare notes: "Many of the issues faced by these exchanges are the same ones faced by Google and Amazon. These sites need to take steps to make sure the data is secure - and so do the consumers who visit those sites."

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.