We’re shocked — shocked — to learn that ObamaCare is vulnerable to fraud via the federal exchange website, Healthcare.gov. But in all seriousness, this reality should be particularly unsettling in the wake of the recent OPM data breach.

After weeks of continually re-upping the number of employees whose data records were hacked through the federal government’s Office of Personnel Management (OPM), the government finally settled on 21.5 million. Fully 8% of the nation’s population, these federal employees and their relatives had their personal information stolen by what were likely Chinese hackers in two separate attacks.

So with federal employee data now available to the highest bidder, the Government Accountability Office’s glib announcement this week about ObamaCare not being set up to protect against fraud should be a warning that more trouble is on its way.

The GAO conducted an audit last year to test the security of the ObamaCare enrollment site. The GAO created 18 fake identities and enrolled them in ObamaCare; 11 were automatically re-enrolled. Six fake identities were flagged and sent termination notices, but GAO was able to get five reinstated. And that’s not the worst part. Not only were the five fake identities reinstated; when they renewed, they were able to receive a slight increase in monthly subsidies.

It’s no secret that government programs are rife with fraud. But ObamaCare, according to the GAO, isn’t even set up to detect it. This week’s report states, “HealthCare.gov’s document-processing contractor is not required to seek to detect fraud. … [T]he contractor personnel involved in the document verification process are not trained as fraud experts and do not perform antifraud duties.”

Former Health and Human Services Secretary Kathleen Sebelius reported to the president, Congress and the nation that Healthcare.gov would be a safe and secure site, even from the moment of its disastrous launch. Those initial functionality issues and frequent crashes now seem trivial in comparison to the site’s utter lack of security.

As Reason’s Peter Suderman points out, the GAO report tells us not only of Healthcare.gov’s problems, but also that the government’s “word” is worthless. Statements by Obama administration officials about the site’s security were either misstatements based on incompetence or outright lies. Either way, this administration is not to be trusted. But we knew that.

Indeed, we suspect many of the 6.6 million people who elected to pay the penalty for not enrolling in ObamaCare rather than buy overpriced insurance already knew that.

It’s certainly notable that 6.6 million people declined enrollment in favor of a penalty versus eight million who did enroll. And a significant number of enrollees already had insurance. So what does that say about the “success” of ObamaCare?

With reliability like this, we can safely conclude that the only reason the program still survives is because the Supreme Court was willing to subvert the Constitution twice to defend it.