Smith to Obama: Mr. President, Take Down this Website

Nov 19, 2013

Washington, D.C. – Science, Space, and Technology Committee Chairman Lamar Smith (R-Texas) today called on President Obama to immediately take down Healthcare.gov in order to ensure the safety and security of the personal data of Americans who have used the Obamacare website.  Chairman Smith made the statement following testimony from online security experts at a hearing today before the Science Committee examining flaws and vulnerabilities in the website that put the personal data of Americans at risk.  All but one witness at today’s hearing said that they would immediately pull down the site in order to address the security flaws. 

Chairman Smith: “President Obama has a responsibility to ensure that the personal and financial data collected as part of Obamacare is secure. It is clear that is not the case today. In their haste to launch the Healthcare.gov website, it appears the Obama administration cut corners that leave the site open to hackers and other online criminals.  As a result, the personal information that has already been entered into Healthcare.gov is vulnerable to identity thieves.  We already know of at least 16 attempts to hack into the system.  But we can assume that many more security breaches have not been reported. 

“Given the testimony we have heard today, there is only one reasonable course of action. Mr. President, take down this website.”

The data passing through the Healthcare.gov website is one of the largest collections of personal information ever assembled, linking information from seven different federal agencies along with state agencies and government contractors. In order to gain information on potential healthcare coverage through the website, users must input personal contact information, birth dates and social security numbers as well as financial information. 

Witnesses today outlined the significant threat posed by identity theft to Americans if hackers gained such information. David Kennedy, a “white hat hacker” who testified today, gave a demonstration of the website’s vulnerabilities showing in real-time that hackers are attempting to access personal information on the website. Not only is the website vulnerable, but it’s under attack.  When asked whether he believed the website had already been compromised by hackers, Mr. Kennedy testified that he believed the website has either already been hacked or soon will be.   

The following witnesses testified today before the Subcommittee:

Mr. Morgan Wright, Chief Executive Officer, Crowd Sourced Investigations, LLC

Dr. Fred Chang, Bobby B. Lyle Centennial Distinguished Chair in Cyber Security, Southern Methodist University

Dr. Avi Rubin, Director, Health and Medical Security Laboratory Technical Director, Information Security Institute, Johns Hopkins University (JHU)

Mr. David Kennedy, Chief Executive Officer, TrustedSEC, LLC

For additional information about the hearing, including witness testimony, visit the Science, Space, and Technology Committee website.