A top CMS official told congressional staffers Tuesday that the federal insurance exchange website has had two high-level security vulnerabilities since it was launched in October, including one this week. But the CMS said one issue proved to be false and that it has fixed the other problem.
Teresa Fryer, the CMS' chief information security officer, met with the majority and minority staff members of the House Oversight and Government Reform Committee, which released a transcript of the Dec. 17 interview (PDF). In it, Fryer said that two “high findings”—the highest level of security vulnerabilities—were identified since open enrollment began, including one in November and one this week.
Fryer said she recommended to Tony Trenkle—the technology leader at CMS during the HealthCare.gov launch—a that an “authority to operate” be denied because of high-risk security concerns before the site went live. Trenkle stepped down from his position in early November.