The Power of an Individual Tester: The HealthCare.gov Experience
Like millions of other Americans, Ben Simo visited HealthCare.gov in search of health insurance and found a frustratingly buggy website that was failing to fulfill its purpose―to educate people on the new health insurance law and help them purchase health insurance. After failing to create an account, Ben put on his tester hat and turned on his web developer tools. In addition to many functional and performance issues, Ben soon discovered a chain of security vulnerabilities that exposed users to unnecessary risk. Finding HealthCare.gov customer service unequipped to receive reports of security vulnerabilities, he blogged his discoveries, spawning a storm of public attention which hailed Ben as a “web expert,” “methodical IT guru,” “folk hero”—and “not too bright.” His reports even came up in congressional hearings, where the Secretary of Health and Human Services referred to Ben as “a sort of skilled hacker.” Ben’s reports helped bring attention to problems that suggested a systematic lack of care and understanding of system design and information security. Join Ben as he shares his experience, the issues he found, and lessons testers can learn from HealthCare.gov.