Security Issues Surface On Obamacare Website
WASHINGTON – President Barack Obama’s embattled top health official declared herself accountable Wednesday for failures of the much-maligned health insurance website as a newly surfaced government memo pointed to security concerns that were laid out just days before its launch.
Despite the problems, Health and Human Services Secretary Kathleen Sebelius defended the health care overhaul, the signature legislative accomplishment of Obama’s first term. She said the website problems will be fixed by Nov. 30 and gaining health insurance will make a positive difference in the lives of millions of Americans.
The website HealthCare.gov was still experiencing outages, even as Sebelius was testifying to the House Energy and Commerce Committee that “I’m responsible.” And she faced a new range of questions about an internal memo from her department that revealed the troubled website was granted a temporary security certificate on Sept. 27, just four days before it went live on Oct. 1.
The memo said incomplete testing created uncertainties that posed a potentially high security risk for the website. It called for a six-month “mitigation” program, including ongoing monitoring and testing.
Republicans opposed to Obama’s health care law are calling for Sebelius to resign. She apologized to people having trouble signing up but told the committee that the technical issues that led to frozen screens and error messages are being cleared up on a daily basis.
Security issues raise major new concerns on top of the long list of technical problems the administration is grappling with.
“You accepted a risk on behalf of every user … that put their personal financial information at risk,” Rep. Mike Rogers, R-Mich., told Sebelius, citing the memo. “Amazon would never do this. ProFlowers would never do this. Kayak would never do this. This is completely an unacceptable level of security.”
Sebelius countered that the system is secure, even though the site’s certificate, known in government parlance as an “authority to operate,” is of a temporary nature. A permanent certificate will be issued only when all security issues are addressed, she stressed.
Spokeswoman Joanne Peters added separately: “When consumers fill out their online … applications, they can trust that the information they’re providing is protected by stringent security standards and that the technology underlying the application process has been tested and is secure. Security testing happens on an ongoing basis using industry best practices.”
The security certificate is required under longstanding federal policy before any government computer system can process, store or transmit agency data. The temporary certificate was approved by Medicare chief Marilyn Tavenner, the senior HHS official closest to the rollout. No major security breaches have been reported.
The memo said, “From a security perspective, the aspects of the system that were not tested due to the ongoing development, exposed a level of uncertainty that can be deemed as a high risk for the (federal marketplace website).”
It recommended setting up a security team to address risks and conduct daily tests, and said a full security test should be conducted within two to three months of the website going live.
A separate page stated that “the mitigation plan does not reduce the risk to the (website) itself going into operation on Oct. 1, 2013. However, the added protections do reduce the risk to the overall Marketplace operations and will ensure that the … system is completely tested within the next 6 months.”
That page was signed by three senior technical officials below Tavenner at the Centers for Medicare and Medicaid Services. All the officials deal with information security issues.
Sebelius’ forthright statement about her ultimate accountability for problems with the sign-up rollout came as Rep. Marsha Blackburn, R-Tenn., peppered her with questions about the “debacle.”
“Hold me accountable for the debacle,” Sebelius replied. “I’m responsible.”
Rep. Henry Waxman of California, the ranking Democrat on the committee, scoffed at Republican “oversight” of a law they have repeatedly tried to repeal.
“I would urge my colleagues to stop hyperventilating,” said Waxman. “The problems with HealthCare.gov are unfortunate and we should investigate them, but they will be fixed. And then every American will have, finally have, access to affordable health insurance.”