Skip to main content
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Digital Health
    • Transformation
    • ESG
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • ESG: The Implementation Imperative Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Hospital at Home
    • - Workplace of the Future
    • - Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • Data Center
    • Data Center Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • Newsletters
  • MORE+
    • Contact Us
    • Advertise
    • Media Kit
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Insurance
January 16, 2014 12:00 AM

Healthcare website passed recent security test

Associated Press
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print

    Cybersecurity concerns over President Barack Obama's healthcare website have been cleared up through testing, a government security professional who initially had qualms about the system assured lawmakers Thursday.

    But a congressional hearing featuring three senior technology experts from within the HHS also revealed a broader internal debate before the hapless launch of HealthCare.gov last fall.

    One of the witnesses, HHS Chief Information Officer Frank Baitman, said he personally brought security issues to the attention of the department's second-in-command, Bill Corr, as well as another senior official. It's unclear what, if anything, Secretary Kathleen Sebelius and White House officials were told.

    The maddening technical problems that frustrated consumers for weeks as they tried to sign up for health insurance would pale in comparison if a serious security breach compromised the names, Social Security numbers, incomes and other personal information of millions of Americans.

    Republicans on the House Oversight and Government Reform Committee are trying to build a case that the administration recklessly ignored security concerns to meet a self-imposed Oct. 1 deadline for flipping the switch. The administration — and Democratic lawmakers— say all issues were addressed through special vigilance instituted just before the launch. While Republicans have raised questions, they have yet to find a smoking gun.

    Officials told the committee no attempted attack by hackers has succeeded, although a shadowy group calling itself "Destroy Obamacare" has tried. There have been 13 known inadvertent exposures or disclosures of information.

    The root of the controversy is that the healthcare site did not get full security testing, as is the usual practice with federal systems before they are put into use. The technology was getting constant tweaks that precluded a final assessment. It also was prone to crashing.

    However, Medicare's top cybersecurity official testified Thursday that the revamped website passed full security tests Dec. 18, easing her earlier concerns about vulnerabilities. Teresa Fryer, chief information security officer at the Centers for Medicare and Medicaid Services, had initially balked at the site going live.

    She said Thursday she would now recommend full operational and security certification for the site, which currently has what amounts to a six-month permit. The Medicare agency is responsible for expanding coverage to the uninsured under the healthcare law.

    Shortly before the launch, Fryer had told other top officials that she could not recommend going ahead because security testing had not been completed.

    She drafted a formal memo expressing her concerns, but never sent it, partly because more senior officials had already determined to proceed with additional safeguards to address potential risks. "There is also no confidence that personal identifiable information will be protected," she said in her unsent memo.

    The formal go-ahead to operate the system was signed Sep. 27 by Medicare chief Marilyn Tavenner, who usually does not adjudicate technology disputes.

    Testing since then seems to have settled the internal debate.

    "The testing was successfully completed. It had good results," Fryer told the committee. She agreed with a suggestion by Rep. Jackie Speier, D-Calif., that HealthCare.gov now has "a clean bill of health."

    But Republicans sought to turn the focus to the administration's decision to launch before testing was complete.

    Baitman, the HHS chief information officer, testified that he relayed the concerns of Fryer and others to senior levels of the department, telling second-in-command Corr and Assistant Secretary for Administration E.J. "Ned" Holland.

    Baitman said he was not personally convinced the security worries were a "red flag." But he did say he had recommended a phased-in launch as opposed to trying to go live nationally on Oct. 1.

    Chairman Darrell Issa, R-Calif., investigating the chaotic rollout of the website, contends the administration risked Americans' personal information to avoid postponing the president's signature program. "It seems to defy common sense that a website plagued with functional problems was in fact perfectly secure," said Issa.

    The panel's senior Democrat, Rep. Elijah Cummings of Maryland, said Republicans are "cherry picking partial information to promote a political narrative that is inaccurate."

    Cummings says it is Republicans who are risking the privacy of average citizens by demanding detailed blueprints that, if leaked, would become a road map for hackers.

    With the healthcare law remaining a polarizing issue in the midterm congressional elections, both political parties are at battle stations.

    In a closed-door deposition prior to the hearing, top HHS cybersecurity officer Kevin Charest said he, too, was concerned about potential vulnerabilities ahead of the launch. But he told congressional investigators he was unable to get answers to his questions from others inside the department. He concluded that the testing of the site was substandard.

    "I would say that it didn't follow best practices," Charest said in a Jan. 8 deposition.

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    diversity2_i.png
    How Connecticut's Broker Academy targets health disparities
    cybersecurity_i.jpg
    Massachusetts health insurer faces ransomware attack, member data at risk
    Most Popular
    1
    More healthcare organizations at risk of credit default, Moody's says
    2
    Centene fills out senior executive team with new president, COO
    3
    SCAN, CareOregon plan to merge into the HealthRight Group
    4
    Blue Cross Blue Shield of Michigan unveils big push that lets physicians take on risk, reap rewards
    5
    Bright Health weighs reverse stock split as delisting looms
    Sponsored Content
    Daily Finance Newsletter: Sign up to receive daily news and data that has a direct impact on the business and financing of healthcare.
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Digital Health
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • ESG
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • ESG: The Implementation Imperative Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Hospital at Home
        • - Workplace of the Future
        • - Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • Data Center
      • Data Center Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • Newsletters
    • MORE+
      • Contact Us
      • Advertise
      • Media Kit
      • Jobs
      • People on the Move
      • Reprints & Licensing