Senators question HealthCare.gov's security
Lawmakers point to reports of a website user having his personal data shared with another user
IDG News Service - U.S. lawmakers questioned the security of HealthCare.gov, the U.S. government's troubled insurance-shopping website, after reports that one applicant's personal information was shared with another applicant.
Reports that the website shared South Carolina resident Tom Dougall's personal information with another insurance applicant raises serious concerns about security at the site, Republican members of the U.S. Senate Health, Education Labor and Pensions Committee said during a hearing Tuesday.
The security concerns come on top of the website's existing problems, including site outages, sluggish page load times and users' inability to complete coverage applications, since the U.S. Department of Health and Human Services launched the website Oct. 1. The website is a key piece of insurance reform law the Affordable Care Act, or Obamacare, passed by Congress in 2010.
"We are now more than 30 days into one of the greatest website disasters in history," Senator Tim Scott, a South Carolina Republican, said during the hearing. "After nearly US $400 million, HealthCare.gov is synonymous now with failure. The public's trust has been broken."
In the South Carolina case, another applicant received download links to Dougall's insurance application, Scott said. Dougall and Scott have asked HHS to remove all his personal information from HealthCare.gov, but agency officials have not been able to tell him if that will happen, said Scott, one of Dougall's senators.
"There's no delete option for consumers," Scott said.
The team working on HealthCare.gov for the HHS Centers for Medicare and Medicaid Services [CMS] has fixed the problem that caused the data to be shared, said Marilyn Tavenner, administrator at CMS. The agency has been trying to contact Dougall to address his concerns, she said.
CMS received only one report of a user's application being shared with another person, Julie Bataille, director of the CMS Office of Communications, said at a press briefing later. The HealthCare.gov team took "immediate" steps to fix the software responsible for the problem, she said.
At the hearing, Tavenner defended the site's security, saying contractor Mitre has continually tested the site and is monitoring for intrusions. The site is using similar security measures as are used in the CMS Medicare program, she said.
Capacity has been added to improve site performance and HealthCare.gov should be working well by the end of the month, as HHS has projected, she said.
But committee Republicans -- who have opposed Obamacare -- raised doubts about security. The HHS inspector general's office warned HHS and its Centers for Medicare and Medicaid Services [CMS] about possible security problems in an August report, Scott said.
That report warns CMS of a tight time frame for completing security testing, with the report noting that the targeted data of security authorization for the website slipped from early September to Sept. 30, a day before launch. "If there are additional delays in completing the security authorization package, the CMS CIO may not have a full assessment of system risks and security controls needed for the security authorization decision by the initial opening enrollment period," the report said.
- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
- Slideshow: 5 ways to lock down your mobile device
- Slideshow: 10 mistakes companies make after a data breach
- How to rob a bank: A social engineering walk through
- Which smartphone is the most secure?
If you think getting it right from day one is always what matters, you probably haven't been following technology too closely.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Mitigating DDoS Attacks with F5 Technology
- This document examines various DDoS attack methods and the application of specific ADC technologies to block attacks in the DDoS threat spectrum while...
- The DDoS Threat Spectrum
- Bolstered by favorable economics, today's global botnets are using distributed denial-of-service (DDoS) attacks to target firewalls, web services, and applications, often simultaneously.
- Defending Against Denial of Service Attacks
- By utilizing end-user interviews, this whitepaper explores a deeper understanding of DDoS defense plans and reveals the knowledge gaps around the Denial of...
- Strategic Solutions for Government IT
- This paper outlines why F5 is the optimum partner to help achieve the levels of security, performance and availability that are vital to...
- The Six Main Steps To Structured Analogy
- The role of structured analogy software is to automate the data extraction and processing work, provide visualization of the historical context forjudgments and... All Government IT White Papers
- Modernizing SAP environments with minimum risk - a path to Big Data Hear from top IDC analyst, Richard Villars, about the path you can start taking now to enable your organization to get the benefits...
- The Power of the Citrix Mobility Solution, XenMobile Does everything become a smartphone? Or does the smartphone begin to do everything? How can we afford to support BYOD? Rather, how can...
- BYOD Happens: How to Secure Mobility How to navigate the journey of securing mobility, including the BYOD corruption of IT, the top ten mobility strategies, and the mobility management...
- Fighting Fraud Videos: IBM Intelligent Investigation Manager Short videos about IBM Intelligent Investigation Manager (IIM) for Fraud. IIM optimizes the investigation of fraud for customers across many industries in both...
- IBM Intelligent Investigation Manager: Online Product Demo Intelligent Investigation Manager optimizes fraud investigation and analysis and it dynamically coordinates and reports on cases, provides analysis and visualization, and enables more...
- All Government IT Webcasts
Does your organization offer extensive benefits, cool perks, competitive salaries, opportunities for training and advancement? Then get it recognized!
Nominate your company or another deserving organization for Computerworld's 2014 Best Places to Work in IT list now through Dec. 12, 2013.