Health care marketplace not secure, House panel told
Published: Tuesday, Nov. 19, 2013, 9:21 p.m.
WASHINGTON — President Obama's HealthCare.gov site is riddled with security flaws that put users' data at risk, several technology experts warned lawmakers on Tuesday.
The testimony during a congressional hearing could increase concerns among many Americans about Obama's health care overhaul, known as Obamacare. Opinion polls show the botched rollout of the online marketplace for health insurance policies has hurt the popularity of the effort.
The website collects data such as names, birth dates and Social Security numbers that criminals could use for a variety of scams.
In a rapid “yes” or “no” question-and-answer session during a Republican-sponsored hearing by the House of Representatives Science, Space and Technology Committee, Republican Rep. Chris Collins of New York asked four experts about the security of the site.
“Do any of you think today that the site is secure?” he asked.
The answer from the experts, which included two academics and two private sector technical researchers, was a unanimous “no.”
“Would you recommend today that this site be shut down until it is?” asked Collins, whose party is opposed to Obamacare and has sought to capitalize on the failures of the website since it opened for enrollment on Oct. 1.
Three of the experts said “yes,” while a fourth said he did not have enough information to make that call.
The experts said the site needs to be completely rebuilt to run more efficiently, making it easier to protect. They said HealthCare.gov runs on 500 million lines of code, or 25 times the size of Facebook, one of the world's busiest sites.
“When your code base is that large, it's going to be indefensible,” Morgan Wright, CEO of a firm known as Crowd Sourced Investigations, said in an interview after testifying at the hearing.
“Do you want to defend the Great Wall of China or a very small line?”
David Kennedy, head of computer security consulting firm TrustedSec LLC and a former Marine Corps cyber-intelligence analyst, gave lawmakers a 17-page report that highlights the problems with the site and warned that some of them remain live.
The site lets people know invalid user names when logging in, allowing hackers to identify user IDs, according to the report, which warns of other security bugs.
In written testimony, Kennedy said it would take a minimum of seven to 12 months to fix the problems with the site shut down, given the site's complexity and size.
White House spokesman Jay Carney said after the hearing that “the privacy and security of consumers' personal information are a top priority.”
“When consumers fill out their online marketplace applications, they can trust that the information that they are providing is protected by stringent security standards.”
HealthCare.gov allows consumers to shop for insurance plans under the Affordable Care Act, which passed in 2010 and mandated that all Americans have health insurance. Under the law, marketplaces were established for residents to buy policies.
The portal has been bedeviled by technical glitches and reports of security bugs, but officials say they are making progress with repairs and that it should be accessible to the “vast majority” of consumers by Nov. 30.
“The Obama administration has a responsibility to ensure that the personal and financial data collected by the government is secure,” said Rep. Lamar Smith, R-Texas, who chairs the House science panel.
“Unfortunately, in their haste to launch the HealthCare.gov website, it appears the administration cut corners that leaves the site open to hackers and other online criminals,” he said.
Show commenting policy
TribLive commenting policy
You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.
We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.
While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.
We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers.
We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.
We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.
We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.
We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.
- California man named as bitcoin creator denies involvement
- El Nino could bring relief to U.S.
- Health marketplace targets not signing up, survey shows
- Shuster plans oversight for DUI program
- Former National Security Agency contractor Snowden’s leaks to cost billions, take years to fix
- Ads tell Colo. pot users to keep off roads
- Tenn. homicide suspect shot mom in 2004
- Gillibrand sex assault bill halted by fellow Democrat
- ‘Drug czar’ cleared to lead Border Patrol
- ‘Senior officers should not do that,’ Army leader says in pleading guilty to misconduct charges
- Senator wants fast action on rail safety