Months after its launch, as millions of Americans log on to shop for health plans, HealthCare.gov has still had serious security issues.
During testing of the site, a cybersecurity official House Oversight Committee said that there have been "two high findings" of risk during a private transcribed interview.
The exact description of the issue was redacted from the transcript to assure security, an official told ABC News.
One risk factor was noted in November. The other was reported earlier this week.
“In one case, what was initially flagged as a high finding was proven to be false,” the agency said in a statement. “In the other case, we identified a piece of software code that needed to be fixed and that fix is now in place. Since that time, the feature has been fully mitigated and verified by an independent security assessment, per standard practice."
While administration officials maintain that there have been no violations of HealthCare.gov security or of personal information, the oversight of high-risk issues in recent testing is noteworthy.
Portions of the CMS cybersecurity chief’s testimony provided to ABC News show that she recommended that HealthCare.gov not launch on Oct. 1 because of serious security concerns.
The Chief, Teresa Fryer, said she gave the same warning in September, days before the launch. She said she would have denied an Authority of Operate (ATO) license for the website to go public. But instead, the site went live on Oct. 1 without further security testing.
Fryer told the committee that when she signed a document acknowledging the risks, she made it clear that she was “not agreeing with the decision” to authorize the ATO.
An official told ABC on Friday that the issues identified as "high risk" have now been resolved.
Health and Human Services spokeswoman Joanne Peters said that "risk mitigation strategies" are in place for risk findings on the website.
Copyright 2013 Scripps Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
A SpaceX commercial rocket blasted off from Cape Canaveral on schedule Friday afternoon and is heading to the International Space Station.
Rumors of an Amazon smartphone reached a fever pitch this week, with several tech blogs speculating that the device could be due out this year.
Each week, we recap the stories and trends that made headlines in the digital world. Read on to see what you missed.
NASA's robotic moon explorer, LADEE, is no more. Flight controllers confirmed early Friday that the moon-orbiting spacecraft crashed into…
Small underground nuclear power plants that could be cheaper to build than their behemoth counterparts may herald the future for an energy…
If you click ‘Like’ on your favorite brands or companies on Facebook, you could be signing up for more than you bargained for.
Facebook users in the U.S. will soon be able to see which of their friends are in close proximity using a new feature the company is…
He takes the stage to spread his anti-bullying message. Who is Jeff Bullis? Meet the 19-year-old West Chester, Oh. teen who is using his…
The students bested teams from nine states--including the University of Louisville--in a recent competition. Organizers described the cyber…
A dangerous new phishing scam is targeting the sensitive information of millions of Netflix users.