Issues

HHS Launched Obamacare Website With Known Security Concerns

Documents reveal the testing contractor recommended a denial to operate a month before website was launched

healthcare.gov
Getty Images

The Department of Health and Human Services launched the Obamacare website, Healthcare.gov, disregarding known security concerns, according to newly obtained documents from the watchdog group Judicial Watch.

Mitre Corporation, the testing contractor that evaluated Healthcare.gov, initially found there were security concerns surrounding the website.

"The documents reveal that Mitre recommended a ‘Denial Authorization to Operate' in the month prior to Obamacare's launch, noting that it could not adequately test the confidentiality and integrity of the system," Judicial Watch said. "It said that complete end-to-end testing of the system never occurred. Mitre found that 11 ‘moderate' security findings and 8 ‘low' findings remained open as of September 19, 2013—12 days before the launch."

Additionally, five days before the website was launched, an "Authorization to Operate" was not only unsigned but indicated the validation contractor was unable to test the system completely.

The new documents also reveal that officials at the Centers for Medicare and Medicaid Services had a press background briefer where they crossed out a line that said consumers could trust the security of the website and that it was compliant with the Federal Information Security Management Act.

In addition, Healthcare.gov's IT security chief Tom Schankweiler said that the agency was faced with either exposing personal identifiable information of consumers who used the site or having the website down for days.

"He also warns of a software problem causing a ‘high number of security and privacy incidents,'" Judicial Watch said. "Schankweiler's push to fix the problem was resisted by CMS official Rebecca Fender, who worried that the fix would take the Obamacare website down ‘for several days.'"

"Obamacare is corrupt, as we see further proof in these FOIA documents that sensitive health information on millions of Americans was put at risk," said Judicial Watch president Tom Fitton. "From its start, Obamacare was a project that its promoters were determined to inflict on us whether it was ready or not. And clearly it was not. Anyone who uses the Obamacare web site does so at great risk to their private information. Let this be a lesson for those in Washington who are now trying to clean up this mess."