Healthcare.gov Vulnerable to ‘Massive Identity Theft’
Washington, D.C. – In order to ensure the safety and security of Americans’ personal data, Science, Space, and Technology Committee Chairman Lamar Smith (R-Texas) today called on President Obama to formally certify the safety and security of Healthcare.gov.
Chairman Smith: “When the Obama Administration launched Healthcare.gov, Americans were led to believe that the website was safe and secure. As we have learned, this was not the case. If Americans’ information is not secure, then the theft of their identities is inevitable and dangerous. It is obvious that Healthcare.gov is in need of an outside, independent audit. The President should formally certify the safety requirements, security standards and privacy conditions of Healthcare.gov. Given the potential risks and dangers associated with Healthcare.gov today, the President should not let the American people be the next target of cyber criminals.”
The Science Committee held a hearing in November that outlined the significant threat to Americans if hackers gained information through Healthcare.gov. Witnesses today outlined the consequences of identity theft. David Kennedy, a “white hat hacker” who testified in November, provided an update to Committee members on his finding.
Mr. Kennedy submitted a letter that was signed by seven other security researchers who independently reviewed his analysis of vulnerabilities. According to one of the experts, Mr. Kevin Mitnick, who was once the world’s most wanted hacker, a breach may result in “massive identity theft never seen before.” Mr. Mitnick said “It's shameful the team that built the Healthcare.gov site implemented minimal, if any, security best practices to mitigate the significant risk of a system compromise.”
Several other recent events have raised concerns about the handling of the website. In December, a former senior security expert at the Centers for Medicare and Medicaid Services stated that she recommended against launching the Healthcare.gov website on October 1st because of “high risk security concerns.”
The data passing through the Healthcare.gov website is one of the largest collections of personal information ever assembled, linking information from seven different federal agencies along with state agencies and government contractors. A recent report by the credit bureau and consumer data tracking service Experian forecasts an increase in data breaches in 2014, particularly in the healthcare industry.
The following witnesses testified today before the Subcommittee:
Mr. David Kennedy, Chief Executive Officer, TrustedSEC, LLC
Mr. Waylon Krush, Co-Founder and CEO, Lunarline, Inc.
Mr. Michael Gregg, Chief Executive Officer, Superior Solutions, Inc.
Dr. Lawrence Ponemon, Chairman and Founder, Ponemon Institute
For additional information about the hearing, including witness testimony, visit the Science, Space, and Technology Committee website.