Washington, D.C. – Science, Space, and Technology Committee Chairman Lamar Smith (R-Texas) today sent a letter to the U.S. Government Accountability Office (GAO) calling on them to conduct a full and thorough review of the security risks associated with the Healthcare.gov website. The Committee has held multiple hearings to examine concerns over the security of the Obamacare website. Experts have testified that comprehensive testing is the only way to ensure the security of Americans’ personal information.
“The data obtained by Healthcare.gov is one of the largest collections of personal information ever assembled. It links information between seven different federal agencies and state agencies, as well as government contractors, making it a goldmine of Americans’ personally identifiable information,” Chairman Smith wrote. “But in their rush to launch the website, the Obama Administration appears to have cut corners that have put the personal data of millions of Americans at risk. In addition to the website’s initial security failings, many Americans now worry about how the Heartbleed Bug may compound the risk of financial or medical identity theft for those forced by the government to create Healthcare.gov accounts.”
In a hearing held shortly after the website’s launch, security experts testified that an accurate, independent and impartial report on the security of Healthcare.gov is needed. GAO is currently conducting an audit of the security and privacy of Healthcare.gov. But it will not include penetration testing, source code analysis, a review of the developer supply chain, or an examination of secure code practices through the software development lifecycle.
“The American people deserve a thorough audit of the website to ensure that their personal data, including birth dates, social security numbers and household incomes, is secured,” Smith wrote. “As the primary, non-partisan agency tasked with shedding light on government programs, GAO has a responsibility to conduct a full and thorough review of Healthcare.gov. This is one of the largest undertakings by the federal government in our nation’s history—and the stakes are high to ensure that the website is secure.”
The letter requests that GAO expand its review to include more comprehensive analysis of potential security vulnerabilities. To better identify exposure risks, the letter calls on GAO to utilize the expertise of outside security specialists and private sector individuals, organizations, or companies that specialize in technical information security assessments.
The full letter can be found here.