

Moda Health Insecurity

Here is a copy of an email I sent to Moda Health regarding the security of my medical information and online account.

"You have the following severe security problems that should be corrected:
  1. Only short insecure passwords are accepted. This probably means you are storing the passwords instead of hashing them. This is terrible.
  2. You are still supporting SSL2 - This should not be supported.
  3. You support weak key exchanges
  4. You support weak cipher suites.
The bottom 3 will allow a man in the middle to compromise an SSL connection.
You can run the SSL tests yourself and get feedback on how to mitigate at: https://ssllabs.com "

This doesn't seem unusual. I had similar results checking out Kaiser and Providence as well as every doctor's portal I tested.

However, every bank I've tested, as well as Amazon and Google do things properly.

Here's an overview picture from ssllabs from a report on February 18, 2014.

Further reading:

Hacking expert David Kennedy Cracks Healthcare.gov in under 4 minutes

Date: February 2014

This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
