HHS CISO: “no successful security attacks on Healthcare.gov”

obamacare-hackOne of the persistent concerns about Healthcare.gov regards the security of the federal health insurance exchange marketplace, as I reported for Politico Magazine this month. At least one glaring security flaw remained unpatched until the end of October. Despite the “big fix” announced on December 1, the security of the website and the backend systems behind it have not only remained in doubt, given issues that have come out in Congressional testimony but have now become the subject of contentious exchanges between the United States House Oversight Committee and the Department of Health and Human Services, which operates them.

Today, Democrats on the House Energy and Commerce Committee released a memorandum regarding a security briefing on the Affordable Care Act (embedded below) that includes a summary of a classified briefing from Dr. Kevin Charest, the HHS Chief Information Security Officer, and Ned Holland, HHS Assistant Secretary for Administration. The memorandum states that “there have been no successful security attacks on Healthcare.gov. In it, Dr. Charest is quoted as saying that “no person or group has hacked into Healthcare.gov, and no person or group has maliciously accessed any personally identifiable information from users.”

The authors of the memorandum, Representatives Henry A. Waxman and Diana DeGette, write that “the information provided in the briefing was reassuring,” given the assurances of the chief information security officer that “the security of Healthcare.gov has not been breached, and hackers have had no access to personally identifiable information.”

Despite this letter, it’s not clear whether the Healthcare.gov security concerns that TrustedSec has highlighted have been addressed. Given the continued focus of Congressional committees on the issue, expect more assessments and audits to emerge in the future.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s