Cyber-security expert David Kennedy says no security was ever built into the Obamacare site, making millions of users' personal information vulnerable to hackers.
"You're trying to rush to keep the website - the front-end that we see every day - up-and-running. Unfortunately, when you do that and you don't do any testing around that, you introduce new exposures," Kennedy told CNBC's "Squawk Box."
State-run health exchanges are required to notify of breaching of information, but the federal site HealthCare.gov is not required to comply with the same standards.
Although the Obama administration has technicians working around the clock to fix the many issues, technology experts say it could take more than a year to resolve them.