A photo of the homepage for the site HealthCare.gov, the country's new health care website.
Hide Caption

Security risks for Heathcare.gov known before sign-up deadline

a a a a
Share this story

Months after its launch, as millions of Americans log on to shop for health plans, HealthCare.gov has still had serious security issues.

During testing of the site, a cybersecurity official House Oversight Committee said that there have been "two high findings" of risk during a private transcribed interview.

The exact description of the issue was redacted from the transcript to assure security, an official told ABC News.

One risk factor was noted in November. The other was reported earlier this week.

“In one case, what was initially flagged as a high finding was proven to be false,” the agency said in a statement. “In the other case, we identified a piece of software code that needed to be fixed and that fix is now in place. Since that time, the feature has been fully mitigated and verified by an independent security assessment, per standard practice."

While administration officials maintain that there have been no violations of HealthCare.gov security or of personal information, the oversight of high-risk issues in recent testing is noteworthy. 

Portions of  the CMS cybersecurity chief’s testimony provided to ABC News show that she recommended that HealthCare.gov not launch on Oct. 1 because of serious security concerns.

The Chief, Teresa Fryer, said she gave the same warning in September, days before the launch. She said she would have denied an Authority of Operate (ATO) license for the website to go public. But instead, the site went live on Oct. 1 without further security testing.

Fryer told the committee that when she signed a document acknowledging the risks, she made it clear that she was “not agreeing with the decision” to authorize the ATO.

An official told ABC on Friday that the issues identified as "high risk" have now been resolved.

Health and Human Services spokeswoman Joanne Peters said that "risk mitigation strategies" are in place for risk findings on the website.

Copyright 2013 Scripps Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Print this article

Comments

Hmm... It looks like you’re not a WCPO Insider. or Subscribe now to contribute!

More Technology News
Bust a move! Local teen dances to end bullying
Bust a move! Local teen dances to end bullying

He takes the stage to spread his anti-bullying message. Who is Jeff Bullis? Meet the 19-year-old West Chester, Oh. teen who is using his…

Hacker attack? NKU Cyber Defense Team can help
Hacker attack? NKU Cyber Defense Team can help

The students bested teams from nine states--including the University of Louisville--in a recent competition. Organizers described the cyber…

Scammers using Netflix to steal from millions
Scammers using Netflix to steal from millions

A dangerous new phishing scam is targeting the sensitive information of millions of Netflix users.

No geeks here: Tri-Staters flock to learn coding
No geeks here: Tri-Staters flock to learn coding

If the first thing that comes to mind when thinking of a computer programmer is someone sitting alone in a room, pounding away at a keyboard…

Apps to know and reporter woes in digital review
Apps to know and reporter woes in digital review

Each week, we recap the stories and trends that made headlines in the digital world. Read on to see what you missed.  

Reaching out to communities in different ways
Reaching out to communities in different ways

This week one project looks to double funds for a local hip hop and youth arts center. The second seeks help to expand a café that the…

Sony recalls some laptops over battery issue
Sony recalls some laptops over battery issue

Sony is recalling some of its VAIO laptop computers, saying that it's possible that its non-removable battery pack could overheat.

GOP, Dems clash over online domain names
GOP, Dems clash over online domain names

Republican opposition to Obama administration plans to spin off U.S. oversight of the Internet's domain name system is evolving into an…

Heartbleed: Which websites have security bug?
Heartbleed: Which websites have security bug?

One of the biggest encryption flaws the Internet has ever endured has potentially affected thousands of websites.

What you need to know about the Heartbleed bug
What you need to know about the Heartbleed bug

Millions of passwords, credit card numbers and other personal information may be at risk as a result of a major breakdown in Internet…