Healthcare.gov lacks several basic cybersecurity controls — including strong passwords and consistent security patching — nearly a year after the troubled launch of the insurance-shopping website, a government auditor said.

The website, a centerpiece of the 2010 insurance reform package the Affordable Care Act, does not have a complete system security plan in place, said a report released Thursday by the U.S. Government Accountability Office.

The U.S. Department of Health and Human Services, which operates Healthcare.gov, has not completed security testing at the site and allows some outside systems that connect to the website to access the Internet, “increasing the risk that unauthorized users could access data” from Healthcare.gov’s insurance marketplace, the report said.

To read this article in full or to leave a comment, please click here