A member of the House Intelligence Committee said Tuesday she is investigating whether an intelligence report warning about risks to Americans who posted data on the Obamacare website was suppressed for political reasons.
Rep. Michele Bachmann (R., Minn.) said she plans to write to President Barack Obama and Health and Human Services Secretary Kathleen Sebelius urging them to immediately shut down the Healthcare.gov website over concerns that the system is vulnerable to cyber attacks as a result of malicious software possibly inserted from Belarus, or as a result of other security holes.
The White House said Monday that an intelligence report warning of potential malicious software in the Affordable Care Act network was withdrawn from circulation by U.S. intelligence agencies shortly after it was issued.
However, White House National Security Council spokeswoman Caitlin Hayden said cyber security specialists had launched a precautionary review of the Obamacare software to determine if it contains any malware from Belarus, an anti-U.S. dictatorship and close ally of Russia.
Security officials told the Free Beacon the probe is looking into whether hackers or spies planted hidden “backdoor” access points or other potential cyberespionage software.
In an interview, Bachmann said in addition to security flaws in the website and healthcare network software, she is concerned about the “politicization” of intelligence regarding the intelligence report.
The concern is that unpopular intelligence may have been suppressed because it would undermine support for the president’s key domestic policy initiative.
Shawn Turner, a spokesman for the director of national intelligence, denied there were political motivations behind withdrawing the report.
“The decision to recall the document was made within the intelligence community and solely because the document was not properly vetted before it was circulated,” Turner said.
During a hearing of the House Permanent Select Committee on Intelligence Tuesday, Bachmann grilled five leaders of the U.S. intelligence community. All testified that they were ignorant of the intelligence report on possible malware from Belarus in the Healthcare.gov network, or whether the report had been recalled.
The intelligence officials included Director of National Intelligence James Clapper; CIA Director John Brennan; Defense Intelligence Agency Director Lt. Gen. Michael Flynn; FBI Director James Comey; and Matthew Olsen, director of the national counterterrorism center.
“All of them are political appointees. Every one of them, and so the fact that not one of them was aware of this issue that says something to me,” Bachmann said in the interview.
Angelo Codevilla, a former professional staff member for the Senate Intelligence Committee, said the White House statement that the report was “recalled by the intelligence community” raises the question of why the action was taken.
“Was the source of the facts on which the report was based unreliable? Was the analysis logically faulty?” Codevilla asked. “Or, as happens routinely these days, is intelligence being suppressed or mangled for domestic political purposes?”
He added: “The integrity of government is as much a stake here as is the privacy of Americans.”
David S. Sullivan, a former CIA analyst and former military intelligence analyst who retired in 1993, said his best work at the agency was “recalled and suppressed by the CIA director in 1978.
“Politicization of intelligence, unfortunately, is endemic to the trade,” Sullivan said in an email. “It is always an almost irresistible temptation to senior managers in U.S. intelligence of all agencies.”
Sullivan said that such recall and suppression of intelligence reports usually “only calls more attention to the intelligence recalled and suppressed.”
Bachmann said she was “shocked” by the officials’ lack of knowledge about a potential cyber threat to Obamacare because the program is the “signature agenda item of the president of the United States, and there are intelligence aspects when we’re looking at this form of data collection.”
“The fact that the intelligence community would act as though they were completely unaware of this issue I just find incredulous or difficult to believe,” she said.
“This isn’t over,” she said of the concerns about malware in Obamacare. “As far as I’m concerned we are only at the threshold of this issue. And we need to keep our eyes on this because we can’t trust the administration to keep their eyes on it, the cyber security of the American people.”
The congresswoman wants answers from the president and his administration about the initial intelligence report of the possible software compromise and why it was recalled.
Additionally, Bachmann wants information on the results of an ongoing HHS security review of the Obamacare software in a search for malware from Belarus.
The senior intelligence and security leaders told the House hearing they had no knowledge of the intelligence or that the report was recalled for unspecified reasons.
Prior to her questions at the hearing Tuesday, Bachmann read portions of the Washington Free Beacon report that first disclosed U.S. intelligence agencies last week had alerted the Department of Health and Human Services that new information indicated some of the software in the Obamacare network was developed under state-controlled technicians in Belarus.
Following damaging intelligence disclosures by former NSA contractor Edward Snowden, “now, I’m concerned about an unintentional leak of millions of Americans’ sensitive data,” Bachmann said, referring to the possible security flaws in the Obamacare network.
Hayden, the NSC spokeswoman, said so far there had been no indications of such malicious software, but the security review is continuing.
The Obamacare software network connects millions of Americans to the federal government and some 300 health care providers.
Asked about the withdrawn report, Clapper said: “I don’t know anything about it. We’ll have to get back to you.”
“Could you tell this Congress and also the American people why in the world Health and Human Services shouldn’t immediately shut down and properly stress test the Healthcare.gov website to ensure that consumers are protected from potential security risks from across the globe?” Bachmann asked.
Clapper said the health care system was “not my responsibility.”
Bachmann said she was angered that none of the officials were familiar with an intelligence report issued last week.
“I find this outrageous, considering the fact that we are looking at one of the worst intentional leaks in American history, conducted by an NSA contractor, and in the midst of that, this is one of the largest unintentional leaks that could impact personally every American citizen, as we are now required to sign up for health care … what this will mean, because the president of the United States recently stated that 3 million Americans have signed up for health care on this website, which now is potentially vulnerable to an ally of the Russian government.”
Turner, the DNI spokesman, said in a statement that the report in question was “a routine Open Source Center summary report.” The center is a CIA-based analytical group known for translations of foreign media reports.
“It was issued last week and subsequently recalled when we realized that it had not undergone the standard review process all such documents are subject to prior to dissemination,” Turner said. “This was the result of a rare breakdown in our internal processes. The cause of that breakdown has been identified and we’re taking steps prevent it from happening again.”
Turner did not say who recalled the report.
On Monday, in response to questions from the Free Beacon, Hayden confirmed that HHS was alerted to the potential for malicious software in the Obamacare network. She said the intelligence report on the potential threat “was recalled by the Intelligence Community shortly after it was issued.”
“Immediately upon learning of the now-recalled report, HHS conducted a review to determine whether, in fact, any of the software associated with the Affordable Care Act was written by Belarusian software developers,” she said in a statement.
“So far HHS has found no indications that any software was developed in Belarus,” Hayden said. “However, as a matter of due diligence, they will continue to review the supply chain. Supply chain risk is real and it is one of our top concerns in the area of cyber security.”
U.S. officials said the potential threat from Belarus was discovered in early January based on statements by Belarusian official Valery Tsepkalo, director of the government-backed High-Technology Park (HTP) in Minsk.
Tsepkalo said HHS was a client and that technology companies at the Minsk-based technology park were helping complete Obama’s health care reform.
“Our programmers wrote the program that appears on the monitors in all hospitals and all insurance companies—they will see the full profile of the given patient,” Tsepkalo told Voice of Russia Radio June 25.
Security officials told the Free Beacon the combination of compromised software and Internet hijacking by Belarus last year and the anti-U.S. regime in Minsk made the Obamacare software a potential target for cyber attacks aimed at stealing personal data.