Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov?

Hearing Summary: Prepared for AAPS by the Market Institute

The House Committee on Homeland Security recently met on Nov. 13, 2013 to examine the security of personal information on Healthcare.gov. There are concerns that the federal website does not meet security standards and that personal information is open to hacking. Chairman Michael McCaul (R-TX) said in his opening statement that the committee is concerned the security flaws with Healthcare.gov are just as bad as the roll-out of the site. The only communication between DHS and CMS was a couple of phone calls and emails. CMS never asked DHS for advice or technical assistance with regard to security. The centralization of so much personal data, no matter the program, is cause for concern.

The first witness, Roberta “Bobbie” Stempfley, Acting Assistant Secretary, Office of Cybersecurity and Communications at DHS, testified in her opening statement that her agency is the lead for defending and securing federal civilian systems and networks. The Deputy Chief Security Officer at HHS initiated talks with DHS regarding ACA systems in August 2013, and while further talks were held, DHS has not received any specific request from CMS relative to the ACA.

The second witness, Soraya Correa, Associate Director, Enterprise Services Directorate, U.S. Citizenship and Immigration Services at DHS, testified in her opening statement that she oversees verification programs at the agency, including the Systematic Alien Verification for Entitlements Program (SAVE). SAVE is used in Obamacare, through the federal hub, to verify consumers' eligibility for enrollment. HHS tested the functionality of the connection between SAVE and the federal hub, and that testing was successfully completed in the weeks leading up to open enrollment.

The third witness, Luke Chung, President of FMS, Inc., testified in his opening statement that a blog post he had written on October 1st about the copious problems with Healthcare.gov had gone viral and that people had started taking notice of just how problematic the website truly was. His observations about the website are as follows:

  • Poor design
  • Poor development
  • The testing was woefully inadequate
  • There are more bugs yet to be discovered
  • The decision makers involved with the October 1st launch clearly do not understand what a shipping quality product is and should not be further involved with the website

There are many questions regarding the contractors that worked on the project and how they were compensated. Many features on the site are redundant and do not make sense. Did contractors get paid extra for these? The billing breakdown is even more jarring. Based on estimates and the amount of money paid out, the project took over 500 man-years to complete.

The final witness, Waylon Krush, CEO of Lunarline, testified in his opening statement that when asked if he would trust his personal data on Healthcare.gov, he responded in the affirmative. In his opinion, HHS has followed standard protocol for assessing the security risks of a large IT project and is currently taking the proper steps to ensure the website is secure.

Hearing Website:

Hearing: Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov?

Links to Testimony:

Ms. Roberta “Bobbie” Stempfley
Acting Assistant Secretary
Office of Cybersecurity and Communications
U.S. Department of Homeland Security

Click to access 11-13-13-Stempfley-Testimony.pdf

Ms. Soraya Correa
Associate Director
Enterprise Services Directorate
U.S. Citizenship and Immigration Services
U.S. Department of Homeland Security

Click to access 11-13-13-Correa-Testimony.pdf

Mr. Luke Chung
President
FMS, Inc.

Click to access HHRG-113-HM00-Wstate-ChungL-20131113.pdf

Mr. Waylon Krush
Chief Executive Officer
Lunarline, Inc.

Click to access HHRG-113-HM00-Wstate-KrushW-20131113.pdf
