Republicans Question President about Healthcare.gov Security

Dec 11, 2013

Washington, D.C. – Republicans on the Science, Space, and Technology Committee today sent a letter to President Obama requesting information about what his administration is doing to address the security risks and privacy concerns surrounding the Obamacare website, Healthcare.gov. 

In early December, a top administration official praised the progress that has been made in fixing the website’s accessibility, claiming that the site can now “support intended volumes” of users. However, it appears that the larger security and privacy issues remain unaddressed. 

In today’s letter, the members expressed concern that in its haste to fix the capacity of the website, the Obama administration has once again ignored glaring security concerns.

“While more people may be able to access the site, without much-needed security enhancements, this simply means that more Americans are vulnerable to online criminals and identity theft,” the members wrote.  “Mr. President, your Administration has an obligation to ensure that the personal, financial, and account information collected as part of the Affordable Care Act is secure. Unfortunately, in its haste to launch the Healthcare.gov website, it appears that your administration has cut corners that have left the website open to hackers and other online criminals.” 

According to the members, without adequate security measures, Healthcare.gov essentially becomes a portal for online criminals to access even more sensitive, personal data. The letter requests that the President outline explicit steps that have been taken to improve the security of Healthcare.gov, and asks who within the administration is ultimately responsible for ensuring Americans’ personal information remains secure.

At a hearing before the Science Committee on November 19, leading computer security experts from the private sector and academia outlined the significant threats posed to Americans by identity theft. One witness, David Kennedy, is a so-called “white hat hacker” who helps private sector companies secure their websites and data from online criminals.  Mr. Kennedy gave a demonstration of real vulnerabilities with Healthcare.gov, showing how hackers are attempting to access personal information via the website.  Even more troubling, Mr. Kennedy testified that there are “clear indicators that even basic security was not built into the Healthcare.gov website.”

The data passing through the Healthcare.gov website is one of the largest collections of personal information ever assembled, linking information from seven different federal agencies along with state agencies and government contractors.  Americans who use the site must input personal contact information, birth dates and social security numbers, as well as income, tax and other financial information.

Science Committee Chairman Lamar Smith (R-Texas) was joined by 21 Republican members of the Science Committee in sending today’s letter, including: Reps. Jim Bridenstine (R-Okla.), Mo Brooks  (R-Ala.), Paul Broun (R-Ga.), Larry Bucshon (R-Ind.), Chris Collins (R-N.Y.), Kevin Cramer (R-N.D.), Ralph M. Hall (R-Texas), Randy Hultgren (R-Ill.), Frank D. Lucas (R-Okla.), Cynthia Lummis (R-Wyo.),  Thomas Massie (R-Ky.), Michael T. McCaul (R-Texas), Randy Neugebauer (R-Texas), Steven Palazzo (R-Miss.), Bill Posey (R-Fla.), Dana Rohrabacher (R-Calif.), David Schweikert (R-Ariz.),  Jim Sensenbrenner (R-Wis.), Chris Stewart (R-Utah), Steve Stockman (R-Texas), and Randy Weber (R-Texas).

The full letter can be found here.