Hey, it’s only your personal information.

(Reuters) – A group of cyber security professionals is warning that the U.S. government has failed to implement fixes to protect the HealthCare.gov website from hackers, some three months after experts first pointed out the problem.

David Kennedy, head of computer security consulting firm TrustedSec LLC, told Reuters that the government has yet to plug more than 20 vulnerabilities that he and other security experts reported to the government shortly after HealthCare.gov went live on October 1.

Hackers could steal personal information, modify data or attack the personal computers of the website’s users, he said. They could also damage the infrastructure of the site, according to Kennedy, who is scheduled to describe his security concerns in testimony on Thursday before the House Science, Space and Technology Committee.

“These issues are alarming,” Kennedy said in an interview on Wednesday.

The Centers for Medicare & Medicaid Services, the federal agency that oversees the site’s operations, provided Reuters with a statement saying it takes the concerns seriously.

“To date there have been no successful security attacks on HealthCare.gov and no person or group has maliciously accessed personally identifiable information from the site,” the statement said.

“Security testing is conducted on an ongoing basis using industry best practices to appropriately safeguard consumers’ personal information.”