CBS's Sharyl Attkison reported on numerous security issues with the Obamacare website Monday on CBS Evening News.
The deadline for final security planning was pushed back over two months this summer, according to Attkison. Moreover, the the final security testing for the website was never completed.
A released document from the House Oversight Committee shows the government granted itself a waiver to launch the website with "...a level of uncertainty deemed as a high [security] risk," according to Attkison:
PELLEY: Today the federal health care website went down again for about hour and a half. No one is sure why. It's being taken offline on purpose every morning in the wee hours from 1:00 a.m. to 5:00 a.m. for repairs. Millions are still having trouble buying insurance on it and it turns out that even when the website works it may not be secure enough to protect privacy. Sheryl Attkison has been digging in to this.
SHARYL ATTKISSON: As healthcare.gov was being developed, crucial tests to ensure the security and privacy of customer information fell behind schedule. Our analysis found that the deadline for final security plans slipped three times from May 6 to July 16. Security assessments to be finished June 7 slid to August 16 then the 23rd. The final required top-to-bottom security tests never got done. The House Oversight committee released an obama administration memo that shows four days before the launch the government took an unusual step. It granted itself a waiver to launch the web site with a level of uncertainty deemed as a high security risk. Agency head Marilyn Tavener accepted the risk and mitigation measures like frequent testing and a dedicated security team. But three other officials signed a statement saying "that does not reduce the risk of launching October 1."