New security issues arise for health care website
by Laurie Kellman, Associated Press and Ricardo Alonso-Zaldivar, Associated Press
October 31, 2013 01:51 AM | 825 views | 1 1 comments | 19 19 recommendations | email to a friend | print
Health and Human Services Secretary Kathleen Sebelius testifies before the House Energy and Commerce Committee about the difficulties plaguing the implementation of the Affordable Care Act, on Capitol Hill in Washington on Wednesday. The Obama Administration claims the botched rollout was the result of contractors failing to live up to expectations – not bad management at HHS. As the public face of President Barack Obama's signature health care program, Sec. Sebelius has become the target for attacks over its botched rollout with Republicans, and even some Democrats, calling for her to resign.
Health and Human Services Secretary Kathleen Sebelius testifies before the House Energy and Commerce Committee about the difficulties plaguing the implementation of the Affordable Care Act, on Capitol Hill in Washington on Wednesday. The Obama Administration claims the botched rollout was the result of contractors failing to live up to expectations – not bad management at HHS. As the public face of President Barack Obama's signature health care program, Sec. Sebelius has become the target for attacks over its botched rollout with Republicans, and even some Democrats, calling for her to resign.
slideshow
WASHINGTON — President Barack Obama claimed “full responsibility” Wednesday for fixing his administration’s much-maligned health insurance website as a new concern surfaced: a government memo pointing to security worries, laid out just days before the launch.

On Capitol Hill, Health and Human Services Secretary Kathleen Sebelius apologized to frustrated people trying to sign up, declaring that she is accountable for the failures but also defending the historic health care overhaul.

The website sign-up problems will be fixed by Nov. 30, she said, and the gaining of health insurance will make a positive difference in the lives of millions of Americans.

Obama underscored the administration’s unhappiness with the problems so far: “There’s no excuse for it,” he said during a Boston speech to promote his signature domestic policy achievement. “And I take full responsibility for making sure it gets fixed ASAP.”

The website HealthCare.gov was still experiencing outages as Sebelius faced a new range of questions at the House Energy and Commerce Committee about a security memo from her department. It revealed that the troubled website was granted a temporary security certificate Sept. 27, just four days before it went live Oct. 1.

The memo, obtained by The Associated Press, said incomplete testing created uncertainties that posed a potentially high security risk for the website. It called for a six-month “mitigation” program, including ongoing monitoring and testing.

Security issues raise major new concerns on top of the long list of technical problems the administration is grappling with.

“You accepted a risk on behalf of every user ... that put their personal financial information at risk,” Rep. Mike Rogers (R-Mich.) told Sebelius, citing the memo. “Amazon would never do this. ProFlowers would never do this. Kayak would never do this. This is completely an unacceptable level of security.”

Sebelius countered that the system is secure, even though the site’s certificate, known in government parlance as an “authority to operate,” is of a temporary nature. A permanent certificate will be issued only when all security issues are addressed, she stressed.

Spokeswoman Joanne Peters added separately: “When consumers fill out their online ... applications, they can trust that the information they’re providing is protected by stringent security standards and that the technology underlying the application process has been tested and is secure. Security testing happens on an ongoing basis using industry best practices.”

The security certificate is required under longstanding federal policy before any government computer system can process, store or transmit agency data.

The temporary certificate was approved by Medicare chief Marilyn Tavenner, the senior HHS official closest to the rollout. No major security breaches have been reported.

The memo said, “From a security perspective, the aspects of the system that were not tested due to the ongoing development, exposed a level of uncertainty that can be deemed as a high risk for the (federal marketplace website).”

Comments
(1)
Comments-icon Post a Comment
COBB CSI
|
October 31, 2013
After two whole weeks of testing why should you worry about security if you think they even tested it at all? This will be the single biggest identity theft in the history of the world and you’re Supreme leader Czar Obama is taking you right into a third world banana republic. Glad I voted for the loser I knew someone would have to pay for those Christmas gifts and this will finish off the American middle class.
*We welcome your comments on the stories and issues of the day and seek to provide a forum for the community to voice opinions. All comments are subject to moderator approval before being made visible on the website but are not edited. The use of profanity, obscene and vulgar language, hate speech, and racial slurs is strictly prohibited. Advertisements, promotions, and spam will also be rejected. Please read our terms of service for full guides