New security issues arise for health care website
by Laurie Kellman, Associated Press and Ricardo Alonso-Zaldivar, Associated Press
October 31, 2013 12:40 AM | 660 views | 0 0 comments | 10 10 recommendations | email to a friend | print
Health and Human Services Secretary Kathleen Sebelius is sworn in on Capitol Hill in Washington, Wednesday, prior to testifying before the House Energy and Commerce Committee hearing on the difficulties plaguing the implementation of the Affordable Care Act. President Barack Obama's top health official faced tough questioning by a congressional committee Wednesday that will demand she explain how the administration stumbled so badly in its crippled online launch of the president's health care overhaul. <br>The Associated Press
Health and Human Services Secretary Kathleen Sebelius is sworn in on Capitol Hill in Washington, Wednesday, prior to testifying before the House Energy and Commerce Committee hearing on the difficulties plaguing the implementation of the Affordable Care Act. President Barack Obama's top health official faced tough questioning by a congressional committee Wednesday that will demand she explain how the administration stumbled so badly in its crippled online launch of the president's health care overhaul.
The Associated Press
slideshow
WASHINGTON — President Barack Obama claimed “full responsibility” Wednesday for fixing his administration’s much-maligned health insurance website as a new concern surfaced: a government memo pointing to security worries, laid out just days before the launch.

On Capitol Hill, Health and Human Services Secretary Kathleen Sebelius apologized to frustrated people trying to sign up, declaring that she is accountable for the failures but also defending the historic health care overhaul.

The website sign-up problems will be fixed by Nov. 30, she said, and the gaining of health insurance will make a positive difference in the lives of millions of Americans.

Obama underscored the administration’s unhappiness with the problems so far: “There’s no excuse for it,” he said during a Boston speech to promote his signature domestic policy achievement. “And I take full responsibility for making sure it gets fixed ASAP.”

The website HealthCare.gov was still experiencing outages as Sebelius faced a new range of questions at the House Energy and Commerce Committee about a security memo from her department. It revealed that the troubled website was granted a temporary security certificate Sept. 27, just four days before it went live Oct. 1.

The memo, obtained by The Associated Press, said incomplete testing created uncertainties that posed a potentially high security risk for the website. It called for a six-month “mitigation” program, including ongoing monitoring and testing.

Security issues raise major new concerns on top of the long list of technical problems the administration is grappling with.

“You accepted a risk on behalf of every user ... that put their personal financial information at risk,” Rep. Mike Rogers (R-Mich.) told Sebelius, citing the memo. “Amazon would never do this. ProFlowers would never do this. Kayak would never do this. This is completely an unacceptable level of security.”

Sebelius countered that the system is secure, even though the site’s certificate, known in government parlance as an “authority to operate,” is of a temporary nature. A permanent certificate will be issued only when all security issues are addressed, she stressed.

Spokeswoman Joanne Peters added separately: “When consumers fill out their online ... applications, they can trust that the information they’re providing is protected by stringent security standards and that the technology underlying the application process has been tested and is secure. Security testing happens on an ongoing basis using industry best practices.”

The security certificate is required under longstanding federal policy before any government computer system can process, store or transmit agency data.

The temporary certificate was approved by Medicare chief Marilyn Tavenner, the senior HHS official closest to the rollout. No major security breaches have been reported.

The memo said, “From a security perspective, the aspects of the system that were not tested due to the ongoing development, exposed a level of uncertainty that can be deemed as a high risk for the (federal marketplace website).”

Comments
(0)
Comments-icon Post a Comment
No Comments Yet
*We welcome your comments on the stories and issues of the day and seek to provide a forum for the community to voice opinions. All comments are subject to moderator approval before being made visible on the website but are not edited. The use of profanity, obscene and vulgar language, hate speech, and racial slurs is strictly prohibited. Advertisements, promotions, spam, and links to outside websites will also be rejected. Please read our terms of service for full guides