Security vendor Loricca says Healthcare.gov is vulnerable to “known security risks,” including cross-site scripting, un-validated redirects, SQL injection, authentications and sessions and insecure direct object references. Security expert: “Anything that doesn’t even work is almost by definition going to be a security disaster” There have been no data breaches of the site reported yet, but a “skilled hacker” discovered a “theoretical (security) problem” and told the HHS about it.”]