Â鶹ŮÓÅ

Federal investigators found significant cybersecurity weaknesses in the health insurance websites of California, Kentucky and Vermont that could enable hackers to get their hands on sensitive personal information about hundreds of thousands of people, The Associated Press has learned. And some of those flaws have yet to be fixed. The vulnerabilities were discovered by the Government Accountability Office, the investigative arm of Congress, and shared with state officials last September. (4/7)

California’s system, known as Covered California, is the nation’s largest state-run exchange. Both California and Kentucky have been touted as a national model, though Vermont has had a documented history of issues with its exchange. The GAO’s investigation was released in March, but without naming the states. That information was reported Thursday by the Associated Press, in response to a Freedom of Information Act request. Federal officials said their findings in the investigation, which was initially limited to those three states, likely means that other states’ websites have faced similar cyber issues. (Farris, 4/7)

Three weeks ago, a debilitating digital virus spread quickly in computer networks at three Southern California hospitals owned by Prime Healthcare Services. Using a pop-up window, hackers demanded about $17,000 in the hard-to-trace cybercurrency called Bitcoin to destroy the virus they had implanted. The virus had encrypted medical and other data so it was impossible to access. ... The attempted extortion by criminal hackers was the latest case of what the FBI says is a fast-growing threat to vulnerable individuals, companies and low-profile critical infrastructure, from hospitals and schools to police stations. (Hennigan and Bennett, 4/8)