Health care website has passed security testing, experts say

A woman reads the HealthCare.gov insurance marketplace internet site. (Karen Bleier, AFP)

WASHINGTON Cybersecurity concerns over the federal health care website have been cleared up through testing, said a government security professional who initially had qualms about the system to lawmakers on Thursday.

But a congressional hearing featuring three senior technology experts from within the Health and Human Services Department also revealed a broader internal debate before the hapless launch of healthcare.gov last fall.

One of the witnesses, HHS Chief Information Officer Frank Baitman, said he personally brought security issues to the attention of the department's second-in-command, Bill Corr, as well as another senior official. It's unclear what, if anything, Secretary Kathleen Sebelius and White House officials were told.

The technical problems that frustrated consumers for weeks as they tried to sign up for health insurance would pale in comparison if a serious security breach compromised the names, Social Security numbers, incomes and other personal information of millions of Americans.

Republicans on the House Oversight and Government Reform Committee are trying to build a case that the administration ignored security concerns to meet a self-imposed Oct. 1 deadline for flipping the switch. The administration and Democratic lawmakers say all issues were addressed through special vigilance instituted just before the launch.

Officials told the committee that no attempted attack by hackers has succeeded, though a shadowy group calling itself "Destroy Obamacare" has tried. There have been 13 known inadvertent exposures or disclosures of information.

The root of the controversy is that the health care site did not get full security testing, as is the usual practice with federal systems before they are put into use.

However, Medicare's top cybersecurity official testified Thursday that the revamped website passed full security tests Dec. 18, easing her concerns about vulnerabilities. Teresa Fryer, chief information security officer at the Centers for Medicare and Medicaid Services, had initially balked at the site going live.

She said Thursday she would now recommend full operational and security certification for the site, which currently has what amounts to a six-month permit.

Follow this link:

Health care website has passed security testing, experts say

Related Posts

Comments are closed.