The computer security question may be particularly delicate. The federal insurance website collects a broad range of personal information, including applicants' Social Security numbers, addresses, emails, income and health information.
House Republicans have latched on to a final report by the Mitre Corporation, one of the main firms hired to assess the security of the site, which said on Oct. 11, 11 days after the site went live, that it was ''unable to adequately test the confidentiality and integrity'' of the health exchange. Mitre went on to say that a ''complete end-to-end testing'' of the site ''never occurred.''
(Read more: What does the Obamacare 'fix' mean for you?)
Jason Providakes, Mitre's senior vice president and general manager, will put some distance between his company and that assessment in a hearing before the House Energy and Commerce Committee, one of the two hearings scheduled for Tuesday.
''We were not asked nor did we perform 'end-to-end' security testing,'' he will say, according to written testimony posted in advance. ''We have no view on the overall 'safety' or security status ofHealthCare.gov."
That is not likely to stop the law's opponents from passing their own judgment.
''Unfortunately, in their haste to launch the website, it appears the Obama administration cut corners, leaving the site wide open to hackers and other online criminals,'' said Representative Lamar Smith, Republican of Texas and the chairman of the House Science, Space and Technology Committee, which will hold the other hearing.
Documents show that as recently as September, senior Health and Human Services officials were worried about the vulnerability of the system to security threats.
When the health care exchanges first opened for business, an important vulnerability could have allowed hackers to try to hijack users' accounts by resetting their passwords. But federal officials fixed that problem the same day they learned about it, after it was pointed out to them by Ben Simo, a software engineer and tester from Arizona.
The report, by McKinsey & Company, which was prepared in late March at the request of the Department of Health and Human Services, said that management indecision and a "lack of transparency and alignment on critical issues" were threatening progress, despite the tight deadline.
The McKinsey report found that the effort was at risk because of issues including "significant dependency on external parties/contractors," as well as "insufficient time and scope of end-to-end testing," and "parallel stacking of all phases," all predictions that have turned out to be accurate. Briefings on the report were held in the spring at the White House and at the headquarters of the Health and Human Services Department and for leaders at the Centers for Medicare and Medicaid, congressional investigators said.
"The administration was on track — on track for a disaster — and yet officials refused to be transparent with the
Some vulnerabilities still existed through mid-November, Mr. Simo said. For example, the enrollment system sent consumers their username and account activation code in a single message, which could potentially be intercepted.
That combination has led to repeated warnings, and a continued focus at congressional hearings on the possibility that hackers might gain access to private, personal data.
As of last week, the Homeland Security Department had received reports of 16 attempted cyberattacks, all of which it was investigating.
—By Sharon LaFraniere and Eric Lipton, The New York Times; Jonathan Weisman and Michael D. Shear contributed reporting.
0 comments:
Post a Comment