Vermont Health Exchange - 01/07/2014

A Romanian hacker accessed the Vermont Health Exchange's development server last December gaining access at least 15 times and going undetected for a month."CGI Group, the tech firm hired to build Vermont Health Connect, described the risk as “high” in a report about the attack. It also found possible evidence of sophisticated “counter-forensics activity performed by the attacker to cover his/her tracks.”""The report says that no private consumer information was stored on the hacked server, and that CGI Group had “verified that no additional servers [that may store private data] communicated with any of the identified attacker IP addresses.”"This individual was able to gain access to the server because the defaut password on that server was never changed (in violation of guidelines laid out in the state’s official policy) along with the fact that the access to the server was never restricted to those users who were known and authorized to be on the server.