Smith queries re Healthcare.gov security
Special to the Courier
Earlier this month, US House of Representative Science, Space and Technology Committee Chairman Lamar Smith sent a letter to President Barack Obama requesting information about the steps his administration is taking to address the security risks and privacy concerns surrounding the Obamacare website, Healthcare.gov. Twenty-one committee Republicans joined Smith in sending the letter.
In early December, a top administration official praised the progress that has been made in fixing the website's accessibility, claiming that the site can now "support intended volumes" of users. However, it appears that the larger security and privacy issues remain unaddressed.
In the letter dated Dec. 11, House members expressed concern that in its haste to fix the capacity of the website, the Obama administration has once again ignored glaring security concerns.
"While more people may be able to access the site, without much-needed security enhancements, this simply means that more Americans are vulnerable to online criminals and identity theft," the letter stated. "Mr. President, your Administration has an obligation to ensure that the personal, financial, and account information collected as part of the Affordable Care Act is secure. Unfortunately, in its haste to launch the Healthcare.gov website, it appears that your administration has cut corners that have left the website open to hackers and other online criminals."
Although the website itself does no retain personal data, it transmits the data to other sites. According to the members, without adequate security measures, Healthcare.gov essentially becomes a portal for online criminals to access even more sensitive, personal data.
The letter requests that the Obama Administration outline explicit steps that have been taken to improve the security of Healthcare.gov, and asks who within the administration is ultimately responsible for ensuring Americans' personal information remains secure.
At a hearing before the Science Committee on Nov. 19, leading computer security experts from the private sector and academia outlined the significant threats posed to Americans by identity theft. One witness, David Kennedy, is a so-called "white hat hacker" who helps private sector companies secure their websites and data from online criminals.
Kennedy gave a demonstration of real vulnerabilities with Healthcare.gov, showing how hackers are attempting to access personal information via the website. Even more troubling, he testified that there are "clear indicators that even basic security was not built into the Healthcare.gov website."
The data passing through the Healthcare.gov website is one of the largest collections of personal information ever assembled, linking information from seven different federal agencies along with state agencies and government contractors.
Americans who use the site must input personal contact information, birth dates and social security numbers, as well as income, tax and other financial information.
Because of the seriousness of the threat facing users of Healthcare.gov, the letter ask that answers to the serious questions posed be provided to the committee no later than Dec. 18.