Obama administration officials produced a memo documenting security concerns with healthcare.gov, the health insurance exchange website, the Associated Press reports:
The document, obtained by The Associated Press, shows that administration officials at the Centers for Medicare and Medicaid Services were concerned that a lack of testing posed a potentially “high” security risk for the HealthCare.gov website serving 36 states. It was granted a temporary security certificate so it could operate.
Security issues are a new concern for the troubled HealthCare.gov website. If they cannot be resolved, they could prove to be more serious than the long list of technical problems the administration is trying to address.
“You accepted a risk on behalf of every user…that put their personal financial information at risk,” Rep. Mike Rogers, R-Mich., told Health and Human Services Secretary Kathleen Sebelius during questioning before the House Energy and Commerce Committee. “Amazon would never do this. ProFlowers would never do this. Kayak would never do this. This is completely an unacceptable level of security.”
Sebelius countered that the system is secure, even though the site has a temporary certificate, known in government parlance as an “authority to operate.” Sebelius said a permanent certificate will only be issued once all security issues are addressed.
Added spokeswoman Joanne Peters: “When consumers fill out their online…applications, they can trust that the information they’re providing is protected by stringent security standards and that the technology underlying the application process has been tested and is secure. Security testing happens on an ongoing basis using industry best practices.”
A security certificate is required before any government computer system can process, store or transmit agency data. Temporary certificates are allowable, but under specific circumstances.
Earlier, the secretary said she’s responsible for the “debacle” of cascading problems that overwhelmed the government website intended to make shopping for health insurance clear and simple.
“Hold me accountable for the debacle,” Sebelius said during a contentious hearing. “I’m responsible.”
Security issues are a new concern for the troubled HealthCare.gov website. If they cannot be resolved, they could prove to be more serious than the long list of technical problems the administration is trying to address.
“You accepted a risk on behalf of every user…that put their personal financial information at risk,” Rep. Mike Rogers, R-Mich., told Health and Human Services Secretary Kathleen Sebelius during questioning before the House Energy and Commerce Committee. “Amazon would never do this. ProFlowers would never do this. Kayak would never do this. This is completely an unacceptable level of security.”
Sebelius countered that the system is secure, even though the site has a temporary certificate, known in government parlance as an “authority to operate.” Sebelius said a permanent certificate will only be issued once all security issues are addressed.
Added spokeswoman Joanne Peters: “When consumers fill out their online…applications, they can trust that the information they’re providing is protected by stringent security standards and that the technology underlying the application process has been tested and is secure. Security testing happens on an ongoing basis using industry best practices.”
A security certificate is required before any government computer system can process, store or transmit agency data. Temporary certificates are allowable, but under specific circumstances.
Earlier, the secretary said she’s responsible for the “debacle” of cascading problems that overwhelmed the government website intended to make shopping for health insurance clear and simple.
“Hold me accountable for the debacle,” Sebelius said during a contentious hearing. “I’m responsible.”
Michael Astrue, a former Social Security administrator, has written about Obamacare’s security weaknesses and the program’s inauspicious debut in recent issues of THE WEEKLY STANDARD.
