Committee Questions White House Knowledge of Security Concerns Prior to Healthcare.gov Launch

Dec 20, 2013

Washington, D.C. - Science, Space, and Technology Committee Chairman Lamar Smith (R-Texas) along with Oversight Subcommittee Chairman Paul Broun M.D. (R-Ga.) and Research and Technology Subcommittee Chairman Larry Bucshon, M.D. (R-Ind.) today sent a letter to the White House, requesting all records of actions surrounding the security of the Healthcare.gov website.  The letter, addressed to President Obama’s top advisor for Science and Technology, Dr. John Holdren, outlines a number of security concerns and questions the extent to which those concerns were understood by the administration prior to the website’s launch on October 1, 2013.

“In its haste to launch the Healthcare.gov website, it appears the Obama Administration cut corners that leave the site open to hackers and other online criminals,” the lawmakers wrote.  “As a result, Americans who have already entered personal information into Healthcare.gov are vulnerable to identity theft.”

The data passing through the Healthcare.gov website is one of the largest collections of personal information ever assembled, linking social security numbers, birth dates, tax and other financial information from seven different federal agencies, along with state agencies and government contractors.

At a hearing held on November 19, the Science Committee received troubling testimony from online security experts regarding the flaws and vulnerabilities in the Obamacare website that put the personal data of Americans at risk. One witness, Mr. David Kennedy, a so-called ‘white hat hacker,’ gave a demonstration showing how hackers are attempting to access personal information on the website.  According to his testimony, not only is the website vulnerable, it is under active attack.  Even more troubling, Mr. Kennedy testified that there are “clear indicators that even basic security was not built into the Healthcare.gov website.” Moreover, the administration’s recent efforts to address the flaws with the website’s capacity do not appear to address the larger security and privacy issues raised in our hearing. 

The letter questions the role of one of President Obama’s top assistants, Mr. Todd Park, in overseeing security issues before the website was launched.  The White House has now rejected three invitations for Mr. Park to testify before the House Science Committee, claiming that Mr. Park has not been involved in security issues.  However, Mr. Park was a White House co-chair of the official Steering Committee with direct oversight of the security and privacy working groups that oversaw website development. The letter requests that the White House expand on suggestions made by staff that Mr. Park’s activities are protected by Executive Privilege. The letter asks whether the administration intends to invoke such a claim.

The letter further states, “It is logical to assume that security and privacy responsibility resides at the highest level of government.  We are troubled by the fact that the President either did not know, or did not care, that the personal and financial data collected as part of Obamacare is not secure.”

“We already know of numerous attempts to hack into the system and can only assume many more have gone unreported,” the Congressmen wrote.  “Unless the Obama Administration takes swift action to address security, it is likely the worst is yet to come.”

The full letter can be found here.

###