A recent report by Mother Jones highlights a flaw in the coding of the Obamacare website that could lead to users’ sensitive and private information vulnerable to hackers.

“According to several online security experts, Healthcare.gov…has a coding problem that could allow hackers to deploy a technique called ‘clickjacking,’ where invisible links are planted on a legitimate web page.”

Thus far, this method has been used to get access to e-mail, Twitter, and Facebook accounts by exploiting similar coding weaknesses to implant their own links underneath a legitimate link. Users of the healthcare site would then be taken to a different page, where they essentially give all of their sensitive information to the owners of that site instead of the government.

The report also suggests that because the states who are running their own healthcare exchanges aren’t using “standard encryption throughout their Obamacare websites” this information is also at risk. A statement from the Department of Health and Human Services or HHS—whose credibility has lessened after the troubled rollout of the website—says that their security system already in place would “quickly identify security incidents and ensure that the relevant law enforcement authorities, such as the HHS Office of Inspector General Cyber Crimes Unit, are notified for purposes of possible criminal investigation.” Still for those who’ve already dealt with site glitches, this does very little to assuage their fears.

However, it is not all doom-and-gloom for the Healthcare.gov site. According to the Mother Jones story, “sensitive information submitted through the website is not permanently stored in any centralized database (contrary to Republican fears),” which means that it is only during sign-up that a user’s information is really vulnerable.

Digital security experts decry the HHS policy that cancelled the original plan to have the site be open-source, suggesting that the vast community of programmers on the internet could help solve site issues more quickly.