At its heart, healthcare.gov is a data "hub" that allows much of the data in seven massive databases to remain at rest between queries, such as whether someone has applied for health insurance on one of the state or federal exchanges, the type of plan they have selected, what the status of that application is, related information about the applicant's income level (as supplied by the IRS) and what tax credits those applicants are eligible for.
Each of those databases has individually been protected by a variety of data security measures for years. To the best of my knowledge, healthcare.gov does not copy all this information into one massive table. In this way, healthcare.gov, in all its buggy glory, still manages to resemble another distributed computing system that seems to continue to survive all manner of cyber-attack—the Internet itself.
Still, voices calling for healthcare.gov to be shut down until a complete risk assessment and security audit can be conducted persist. And they're coming from some startling sources, such as Mac McMillan, the chair of the HIMSS privacy and security task force.
"If that were the standard, they would have to shut down most of the Internet," was the terse comment I elicited from Bruce Schneier, one of the world's foremost data security experts.