Chief Project Manager for building healthcare.gov Henry Chao was apparently kept in the dark about glitches the Obamacare website experienced prior to its launch, Sharyl Attkison of reported Monday on CBS Evening News.
Chao gave over nine hours of closed testimony to the House Committee on Oversight and Government Reform earlier in preparation for this week’s hearing.
Among the more disturbing revelations, Chao said he was unaware of a CMS September 3 memo which warned of two high security risks in the system. The threat posed by the technical issues posed a possibly “limitless” risk potential, according to the memo.
However, Chao testified he had been informed that there were no “high” security risks:
Chao said he was unaware of a Sept. 3 government memo written by another senior official at CMS. It found two high-risk issues, which are redacted for security reasons. The memo said “the threat and risk potential (to the system) is limitless.” The memo shows CMS gave deadlines of mid-2014 and early 2015 to address them.
But Chao testified he’d been told the opposite.
“What I recall is what the team told me, is that there were no high findings,” he said.
Chao testified security gaps could lead to identity theft, unauthorized access and misrouted data.
According to federal guidelines, high risk means “the vulnerability could be expected to have a severe or catastrophic adverse affect on organizational operations … assets or individuals.”
It was Chao who recommended it was safe to launch the website Oct. 1. When shown the security risk memo, Chao said, “I just want to say that I haven’t seen this before.”
A Republican staff lawyer asked, “Do you find it surprising that you haven’t seen this before?”
Chao replied, “Yeah … I mean, wouldn’t you be surprised if you were me?” He later added: “It is disturbing. I mean, I don’t deny that this is … a fairly nonstandard way” to proceed.