Months after its launch, as millions of Americans log on to shop for health plans, HealthCare.gov has still had serious security issues.
During testing of the site, a cybersecurity official House Oversight Committee said that there have been "two high findings" of risk during a private transcribed interview.
The exact description of the issue was redacted from the transcript to assure security, an official told ABC News.
One risk factor was noted in November. The other was reported earlier this week.
“In one case, what was initially flagged as a high finding was proven to be false,” the agency said in a statement. “In the other case, we identified a piece of software code that needed to be fixed and that fix is now in place. Since that time, the feature has been fully mitigated and verified by an independent security assessment, per standard practice."
While administration officials maintain that there have been no violations of HealthCare.gov security or of personal information, the oversight of high-risk issues in recent testing is noteworthy.
Portions of the CMS cybersecurity chief’s testimony provided to ABC News show that she recommended that HealthCare.gov not launch on Oct. 1 because of serious security concerns.
The Chief, Teresa Fryer, said she gave the same warning in September, days before the launch. She said she would have denied an Authority of Operate (ATO) license for the website to go public. But instead, the site went live on Oct. 1 without further security testing.
Fryer told the committee that when she signed a document acknowledging the risks, she made it clear that she was “not agreeing with the decision” to authorize the ATO.
An official told ABC on Friday that the issues identified as "high risk" have now been resolved.
Health and Human Services spokeswoman Joanne Peters said that "risk mitigation strategies" are in place for risk findings on the website.
Copyright 2013 Scripps Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
He takes the stage to spread his anti-bullying message. Who is Jeff Bullis? Meet the 19-year-old West Chester, Oh. teen who is using his…
The students bested teams from nine states--including the University of Louisville--in a recent competition. Organizers described the cyber…
A dangerous new phishing scam is targeting the sensitive information of millions of Netflix users.
If the first thing that comes to mind when thinking of a computer programmer is someone sitting alone in a room, pounding away at a keyboard…
Each week, we recap the stories and trends that made headlines in the digital world. Read on to see what you missed.
This week one project looks to double funds for a local hip hop and youth arts center. The second seeks help to expand a café that the…
Sony is recalling some of its VAIO laptop computers, saying that it's possible that its non-removable battery pack could overheat.
Republican opposition to Obama administration plans to spin off U.S. oversight of the Internet's domain name system is evolving into an…
One of the biggest encryption flaws the Internet has ever endured has potentially affected thousands of websites.
Millions of passwords, credit card numbers and other personal information may be at risk as a result of a major breakdown in Internet…