HealthCare.gov: Data Breach Waiting To Happen?

Officials at the Centers for Medicare and Medicaid Services are concerned that a lack of testing posed a potentially “high” security risk for the HealthCare.gov web site serving 36 states. Security issues are a new concern for the troubled HealthCare.gov web site. If they cannot be resolved, they could prove to be more serious than tech glitches.

Defending President Barack Obama’s much-maligned health care law in Congress, Health and Human Services Secretary Kathleen Sebelius was confronted with a government memo that raised security concerns about the Web site consumers are using to enroll.

The document, obtained by The Associated Press, shows that administration officials at the Centers for Medicare and Medicaid Services were concerned that a lack of testing posed a potentially “high” security risk for the HealthCare.gov Web site serving 36 states.

Security issues are a new concern for the troubled HealthCare.gov Web site. If they cannot be resolved, they could prove to be more serious than the long list of technical problems the administration is trying to address.

“You accepted a risk on behalf of every user that put their personal financial information at risk,” Rep. Mike Rogers, R-Mich., told Sebelius during questioning before the powerful House Energy and Commerce Committee.

Sebelius countered that the system is secure, although the site has a temporary security certificate, known in government parlance as an “authority to operate.” Sebelius said a permanent certificate will only be issued once all security issues are addressed.

Earlier, the secretary said she’s responsible for the “debacle” of cascading problems that overwhelmed the government Web site intended to make shopping for health insurance clear and simple.

“Hold me accountable for the debacle,” Sebelius said during a contentious hearing before the powerful House Energy and Commerce Committee. “I’m responsible.”

Sebelius is promising to have the problems fixed by Nov. 30, even as Republicans opposed to Obama’s health care law are calling in chorus for her resignation. She told the committee that the technical issues that led to frozen screens and error messages are being cleared up on a daily basis.

Addressing consumers, Sebelius added, “So let me say directly to these Americans, you deserve better. I apologize.”

But even as she started her testimony, some consumers trying to log into the federal Web site that serves 36 states were getting this message: “The system is down at the moment. We are experiencing technical difficulties and hope to have them resolved soon. Please try again later.”

The Sept. 27 memo to Medicare chief Marylin Tavenner said a Web site contractor wasn’t able to test all the security controls in one complete version of the system.

“From a security perspective, the aspects of the system that were not tested due to the ongoing development, exposed a level of uncertainty that can be deemed as a high risk for the (Web site),” the memo said.

It recommended setting up a security team to address risks, conduct daily tests, and a full security test within two to three months of going live.

HealthCare.gov was intended to be the online gateway to coverage for millions of uninsured Americans, as well those who purchase their policies individually. Many people in the latter group will have to get new insurance next year, because their policies do not meet the standards of the new law.

Sebelius’ forthright statement about her ultimate accountability came as she was being peppered with questions by Rep. Marsha Blackburn, R-Tenn., about who was responsible. It was Blackburn who introduced the term “debacle.”

Rep. Henry Waxman of California, the ranking Democrat on the committee, scoffed at Republican “oversight” of a law they have repeatedly tried to repeal.

“I would urge my colleagues to stop hyperventilating,” said Waxman. “The problems with HealthCare.gov are unfortunate and we should investigate them, but they will be fixed. And then every American will have — finally have access to affordable health insurance.”

Sebelius entered a hearing room so packed with lawmakers, photographers and others that she had trouble finding a path to her seat after shaking hands with the committee members.

Many in the crowd chuckled at her quandary, which was far easier to negotiate than the questions that awaited her about the messy launch of Obama’s health care web site. The crowd parted, and she found her way to her seat at the witness table, facing a wall of expectant lawmakers.

The standing-room-only hearing room was silent when she swore an oath to tell the truth and began her statement. “I apologize,” she told the rapt committee.

Sebelius faced questions about problems with the Web site as well as a wave of cancellation notices hitting individuals and small businesses who buy their own insurance.

Lawmakers also want to know how many people have enrolled in plans through the health exchanges, a number the Obama administration has so far refused to divulge, instead promising to release it in mid-November.

Some committee members expressed doubts about whether consumers’ personal information is safe on such a balky Web site.

 Medicare chief Marilyn Tavenner was questioned for nearly three hours by members of the House Ways and Means Committee who wanted to know why so many of their constituents were getting cancellation notices from their insurance companies.

The cancellations problem goes to one of Obama’s earliest promises about the health law: You can keep your plan if you like it. The promise dates back to June 2009, when Congress was starting to grapple with overhauling the health care system to cover uninsured Americans.

As early as last spring, state insurance commissioners started giving insurers the option of canceling existing individual plans for 2014, because the coverage required under Obama’s law is significantly more robust. Some states directed insurers to issue cancellations. Large employer plans that cover most workers and their families are unlikely to be affected.

The law includes a complicated “grandfathering” system to try to make good on Obama’s pledge. It shields plans from the law’s requirements provided the plans themselves change very little. Insurers say it has proven impractical. The cancellation notices are now reaching policyholders.

Tavenner blamed insurance companies for cancelling the policies and said most people who lose coverage will be able to find better replacement plans in the health insurance exchanges, in some cases for less money. Change is a constant in the individual insurance market, she added, saying that about half of plans “churn” over in any given year.

Via: enterprise-security-today


Save pagePDF pageEmail pagePrint page

Leave a Reply

Your email address will not be published. Required fields are marked *