Security risks for known before sign-up deadline

Months after its launch, as millions of Americans log on to shop for health plans,  has still had serious security issues.

A cybersecurity official told the House Oversight Committee during a private transcribed interview that there have been "two high findings" of risk during testing of the site.

The exact description of the issue was redacted from the transcript to assure security, an official told ABC News.

One risk factor was noted in November. The other was reported earlier this week.

“In one case, what was initially flagged as a high finding was proven to be false,” the agency said in a statement. “In the other case, we identified a piece of software code that needed to be fixed and that fix is now in place. Since that time, the feature has been fully mitigated and verified by an independent security assessment, per standard practice.”

While administration officials maintain that there have been no violations of security or of personal information, the oversight of high-risk issues in recent testing is noteworthy. 

Portions of the CMS cybersecurity chief’s testimony provided to ABC News show that she recommended that not launch on Oct. 1 because of serious security concerns.

The chief, Teresa Fryer, said she gave the same warning in September, days before the launch. She said she would have denied an Authority to Operate (ATO) license for the website to go public. But instead, the site went live on Oct. 1 without further security testing.

Fryer told the committee that when she signed a document acknowledging the risks, she made it clear that she was “not agreeing with the decision” to authorize the ATO.

An official told ABC on Friday that the issues identified as "high risk" have now been resolved.

Health and Human Services spokeswoman Joanne Peters said that "risk mitigation strategies" are in place for risk findings on the website.
