According to reports, HealthCare.gov skipped many security requirements before launching. The Obama administration granted itself a waiver to launch the website despite a high-level of security risk. Security experts say many of the sites contain common errors that would have been flagged during a static code analysis test. The first round of exploits we are likely to see will involve phishing, they say. The most common types of attacks will be Cross-Site Scripting (XSS), SQL Injection, and CSRF (CSRF)”]