Intelligence Chairman: Quick Code Fixes to Healthcare.gov, Lack of Monitoring Have Made Website Less Secure
December 3, 2013 - 7:40 am
The chairman of the House Intelligence Committee said that while the Obamacare website may have gotten faster, the quick fixes to improve performance may have compromised website security even more.
“The level of security on this web site is not even up to minimal standards in the private sector and when you talk about the sheer sensitivity of the information that the hub has access to, so think about all of these different servers with really sensitive information go to the hub. None of it has been stress tested. So they’re adding new code constantly, which hasn’t been vetted appropriately. And every time you add new code, it changes the ecosystem of the security of the entire web site,” Rep. Mike Rogers (R-Mich.) told Fox.
“None of that has been tested. So we know that this thing gets hit thousands of times a day by people trying to get in and get access, unauthorized access. They have no coordinated effort on every single day to try to monitor and track that. Matter of fact, they could not even provide someone, CMS and HHS, the two folks responsible for the healthcare.gov web site, couldn’t even provide someone in a classified setting to come up and talk about the breaches which they know have happened.”
Rogers called that “just unconscionable.”
“So what we do is you’re encouraging people to go to a site that our own government knows doesn’t meet safety standards when it comes to security of private information. That’s why I think this is so incompetent. And if you’re going to do this right, Greta, the way any other company would do it. And if you notice iPhone or Apple never says it’s this exact date that we’re going to do the opening. Why?” he continued. “Because they’re stress testing that system right up until it’s ready. Then they say it’s the fall. We’re going to go on, whatever, October 1. This they did it the other way around. We’re going to meet October 1 and we’re not going to stress test it. We’re going to go ahead and make all these people exposed to this problem and not tell them about it. That’s just wrong.”
The chairman said the problem is “they’re married to this political timeline.”
“I think they believe that their politics is mired in the success of the web site, let alone what you think of the health care product once it gets working. And I think that’s a serious mistake. No business would do this. I think the president could get a lot of points here if he stopped, backed up, and said we’re going to close this thing down until it is fully secure up to modern-day industry standards,” Rogers said. “I think he could get some kudo points for this. Instead, he has just decided I’m mired to this thing, and by god we’re going to do it no matter if people are losing their personal information or not. That’s wrong. If this were the private sector, I talked to a contractor who said we would get sued to the point we were not in business anymore if we were even close to doing what they’re doing on this web site. That’s a pretty good indication we shouldn’t be doing it.”