This weekend, the Obama administration announced that the federal health insurance exchange website is now “accessible for the vast majority of users” after two months of glitches, errors, and bugs. While the website may be more accessible, the administration has not addressed another major issue presented by the launch of this website – the security of individuals’ personal, private data entered into the site.
Cybersecurity poses a significant and growing threat to individual privacy, yet the Obama administration has been so focused on getting the health insurance website to function at a basic level that it has not taken sufficient action to ensure that users’ personal and medical information will be protected, which is unacceptable. Information such as an individual’s Social Security Number, home address, and email entered into the website are not sufficiently protected from hackers and cyber-criminals, exposing users to identity theft.
The House of Representatives has held oversight hearings to look into this important issue, and the findings are disturbing. At a recent Energy and Commerce Oversight hearing, we learned that Henry Chao, a top IT official responsible for management of healthcare.gov, never saw a key analysis of foreseeable issues with the website. A presentation was given to top administration officials in March and April of this year, and yet Mr. Chao, a point person for the site, admitted at this hearing that he never reviewed this assessment and the risks it identified.
At a Science, Space, and Technology Committee hearing, online security experts testified that significant flaws within healthcare.gov are putting Americans’ security at serious risk. They stated that while rushing to achieve the public launch of the site, the Administration did not take the precautions necessary to protect the information of users, and therefore, they sacrificed the security of Americans’ private information. All but one of the witnesses at this hearing testified that they would take the website offline as soon as possible to address the security risks involved with the site. All of the witnesses said that they would advise Americans against using the site given these security vulnerabilities. David Kennedy, who is a “white hat hacker,” testified that the site is currently being hacked to reveal Americans’ personal information, and the site is definitely not safe for use.
The administration recently announced that a full Security Control Assessment of the site is set to begin in December, but that is too late. Healthcare.gov made its public debut over 11 weeks ago — why is the administration only now launching a security assessment?
These security problems must be addressed immediately to prevent the exploitation of individuals’ most private information as they attempt to use this website. At a time when hundreds of thousands of Americans are learning that they can no longer keep their current insurance plan and must go onto the health exchange to obtain a new policy, we cannot allow their personal information to remain at risk. I will continue to work with my colleagues to conduct oversight of those officials responsible for administering the site to ensure that individual privacy is protected.
If you need any additional information, please visit my website at hurt.house.gov or call my Washington office:(202) 225-4711, Charlottesville office: (434) 973-9631, Danville office: (434) 791-2596, or Farmville office:(434) 395-0120.
Robert Hurt represents the Fifth District in Congress.
Share
Contributors
