Nonpartisan congressional investigators announced on Wednesday that Healthcare.gov, a website that is used by millions of users to get health insurance under President Barack Obama’s law has reported more than 300 cyber security breaches and still remains vulnerable.

However, the Government Accountability Office reported that none of those breaches have leaked personal data such as names, birthdays, SS numbers, financial information or other personal information.

Those incidents, that are collectively done over the course of 18 months, seem to involve electronic probing of hackers. Even though GAO said that the Administration is working on its security flaws, Healthcare.gov will still continue to jeopardize the personal information of its users.

A woman looks at the HealthCare.gov insurance exchange internet site October 1, 2013 in Washington, DC. US President Barack Obama's Affordable Care Act, or Obamacare as it is commonly called, passed in March 2010, went into effect Tuesday at 8am EST. Heavy Internet traffic and system problems plagued the launch of the new health insurance exchanges Tuesday morning. Consumers attempting to log on were met with an error message early Tuesday due to an overload of Internet traffic. AFP PHOTO / Karen BLEIER (Photo credit should read KAREN BLEIER/AFP/Getty Images)

Expert cybersecurity investigators found out the weaknesses that are responsible for protecting information flows in the system, called the data services hub. The hub pings different agencies such as Social Security, IRS, and Homeland Security to verify the personal information of the users.

With that, it is found out that other health insurance sites that connect to the data hub propose the same weakness. Government sites are frequent targets for hackers, and Healthcare.gov is not an exception.

The flaws that can be seen in the data hub is that there are insufficient tight restrictions on administrator privileges that hackers utilize to have a broader access to the system, inconsistency of security fixes and an unsecured administrative network.

In conclusion, 41 of those breaches are personal information that is not secured properly resulting to be shown on someone that is not authorized to see it. However, those cases will only do moderate impact on users.