Some rascal online called it IdentityTheft.gov and that assessment appears to have been validated by a top security research team. The Ohio firm TrustedSec has released a security assessment of Healthcare.gov and the results, even though they were cursory by modern standards, were very grim indeed.
David Kennedy, CEO of the firm, revealed that he withheld many of the vulnerabilities because they were so severe that publishing them could have meant the complete destruction of the site. His executive summary read simply, "based on what I can see … I would say the website is either hacked already or will be soon."
I perused the entire report (PDF) this evening. In short, the site is not only a complete catastrophe from an operational perspective, it's also a hacker's dream.
More @ Doug Ross