The breach involved an inadvertent transfer of personal data from computers controlled by the Center for Medicare and Medicaid Services to servers at Optum/QSSI, the lead contractor building the infrastructure for the healthcare.gov infrastructure.
Andrew Slavitt was the leader of UnitedHealth Optum/QSSI, the legacy of his original firm Ingenix, which he sold to UnitedHealth, at the time of the breach, so it is interesting that Slavitt is now the principal deputy administrator at CMS—and the man tasked by President Barack Obama to fix the healthcare.gov debacle.
Officials at Health and Human Services, the parent agency of CMS, the office inside the department with overall supervision of the federal healthcare exchanges, state-based marketplaces and enrollment, as well as, the Federal Data Services data hub, changed procedures for handling personal information, but did not report the incident to Congress because in their thinking it was not a external attack or break-in.
Word of the security breach in the late spring is bubbling up just as Congress is reacting news of a successful hacker attack in July, disclose just after Labor Day.
The hacker installed malicious software inside the system and the breach went undetected for two months.
What President Obama fails to understand is that a president actually gains political capital by working with Congress, instead of stonewalls, lies, and omissions.
He’ll leave the White House more politically exhausted than Jimmy Carter and George W. Bush combined.