Skip to main content
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Digital Health
    • Transformation
    • ESG
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Blogs
    • AI
    • Deals
    • Layoff Tracker
    • HIMSS 2023
  • Opinion
    • Breaking Bias
    • Commentaries
    • Letters
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • ESG: The Implementation Imperative Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Hospital at Home
    • - Workplace of the Future
    • - AI and Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Sponsored Video Series - One on One
    • Sponsored Video Series - Checking In with Dan Peres
  • Data & Insights
    • Data & Insights Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • Newsletters
  • MORE+
    • Contact Us
    • Advertise
    • Media Kit
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Information Technology
September 16, 2014 12:00 AM

GAO: HealthCare.gov website must boost security

Associated Press
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print

    HealthCare.gov, the health insurance website serving more than 5 million Americans, has significant security flaws that put users' personal information at risk, nonpartisan congressional investigators have concluded.

    The Government Accountability Office said the Obama administration must resolve more than 20 specific security issues related to who can get into the system, who can make changes in it and what to do in case the complex network fails.

    GAO, the investigative arm of Congress, found that the administration took a major risk going live with HealthCare.gov last fall when the system was still not fully tested. Some testing was incomplete as of June.

    While the administration "has taken important steps to apply security and privacy safeguards to HealthCare.gov and its supporting systems, significant weaknesses remain that put these systems and the sensitive, personal information they contain at risk of compromise," Gregory Wilshusen, GAO's director of information security, said in testimony prepared for the House Oversight and Government Reform Committee.

    The committee released his testimony Tuesday. GAO's accompanying 78-page report was released later.

    The website collects sensitive personal information including names, birth dates, Social Security numbers and family income.

    Multiple federal and state agencies as well as many contractors have access. Yet the report found there's no common understanding of security requirements among all the players.

    The agency running HealthCare.gov "had not always required or enforced strong password controls, adequately restricted access to the Internet, consistently implemented software patches and properly configured an administrative network," the report said.

    Responding for the administration, HHS spokesman Aaron Albright said that the changing nature of threats makes website security an evolving process and that officials have already acted on many of the recommendations.

    In its public assessment, the GAO outlined six broad areas where more work needs to done. They ranged from basics like following recommended best practices for government agencies, to a comprehensive test of all elements of the system, to establishing a backup site for the HealthCare.gov and its supporting networks.

    In an accompanying report that was not publicly released, Wilshusen said the agency listed 22 specific technical recommendations to fix security flaws. He said the administration agreed with all the specific recommendations, although not with some of the broader suggestions.

    One major disagreement is whether security testing should involve the entire system simultaneously — as GAO recommends— or whether each component can be tested and certified separately, as the administration has done.

    HealthCare.gov was hacked this summer, but no consumer information was stolen. Instead, hackers installed malicious software that could have been used to launch an attack on other websites from the federal insurance portal.

    Federal computer systems get hundreds of cyberattacks every day, but this was believed to be the first successful one involving HealthCare.gov.

    The healthcare site had numerous technical problems when it was launched last fall and was initially unworkable for most consumers. Among the issues that concerned the administration's own technical experts at the time was that security testing could not be completed because the system was undergoing so many last-minute changes.

    The part of HealthCare.gov that serves as the entry way for consumers eventually passed security certification, but the GAO revealed that security testing continued well into this year on other important components that deal with health plan information and financial management. The administration said that's because those components were still in stages of development.

    The report also confirmed security problems in state computer systems linking to the federal network, reported earlier this year by The Associated Press.

    Created by President Barack Obama's law, HealthCare.gov is the online gateway to subsidized private insurance for people who don't have access to a health plan on the job.

    The site currently serves 36 states, and more may be added when open enrollment starts Nov. 15. The remaining states run their own insurance exchanges.

    One of those states, Vermont, announced Tuesday that its technically troubled site has been taken down to fix numerous issues, including several security problems.

    The Oversight and Government Reform Committee was scheduled to hold a hearing Thursday on the GAO report and the outlook for the second year of HealthCare.gov.

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    Racial disparity hospital
    Providers confront racial bias engrained in EHRs
    Most Popular
    1
    CMS tries luring providers to revamped Medicare ACOs
    2
    Oregon joins other states in setting ratios for nurse staffing
    3
    Blue Shield CA taps Amazon, Mark Cuban, CVS for new PBM model
    4
    A health innovation hub grows in Lake Nona Medical City
    5
    Hospital-at-home providers push for Medicaid coverage
    Sponsored Content
    Digital Health Intelligence Newsletter: Sign up to receive a twice-weekly (T, F) morning newsletter featuring the latest reporting on technologies, trends, players and money fueling the rapid changes in how healthcare is developed, paid for and delivered.
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Help Center
    • Advertise with Us
    • Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Digital Health
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • ESG
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Blogs
      • AI
      • Deals
      • Layoff Tracker
      • HIMSS 2023
    • Opinion
      • Breaking Bias
      • Commentaries
      • Letters
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • ESG: The Implementation Imperative Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Hospital at Home
        • - Workplace of the Future
        • - AI and Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Sponsored Video Series - One on One
      • Sponsored Video Series - Checking In with Dan Peres
    • Data & Insights
      • Data & Insights Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • Newsletters
    • MORE+
      • Contact Us
      • Advertise
      • Media Kit
      • Jobs
      • People on the Move
      • Reprints & Licensing