Washington, D.C. – Science, Space, and Technology Committee Chairman Lamar Smith (R-Texas) released the following statement after news reports revealed that a hacker breached the Obamacare website. In November, Smith called on President Obama to immediately take down Healthcare.gov in order to ensure the safety and security of Americans’ personal data. Chairman Smith made the statement following strong testimony from online security experts about flaws and vulnerabilities in the website.
Chairman Smith: “The President has continually ignored warnings from online security experts about the security of Americans’ sensitive information on Healthcare.gov. When the website was launched, corners were cut. In the months following, expert warnings have been routinely dismissed. As a result, the Obamacare website was successfully hacked last month for the first time that we know of. The full extent of the breach is not yet known and there could be many more infiltrations that have gone undetected. But it’s clear that this administration failed in its responsibility to protect Americans’ personal and financial information from online criminals.”
At a hearing before the Science Committee in November, 2013, leading computer security experts from the private sector and academia outlined the significant threats posed to Americans by identity theft. One witness, David Kennedy, a “white hat hacker” gave a demonstration of real vulnerabilities with Healthcare.gov, showing how hackers are attempting to access personal information via the website. Mr. Kennedy testified that there are “clear indicators that even basic security was not built into the Healthcare.gov website.”
At a follow-up hearing in January, 2014, witnesses outlined the significant threat posed by identity theft to Americans, if hackers gained information through Healthcare.gov. At the hearing, Chairman Smith called on President Obama to formally certify the safety and security of Healthcare.gov.
The data passing through the Healthcare.gov website is one of the largest collections of personal information ever assembled, linking information from seven different federal agencies along with state agencies and government contractors. In order to gain information on potential healthcare coverage through the website, users must input personal contact information, birth dates and social security numbers as well as financial information.
The Committee has requested U.S. Chief Technology Officer Todd Park, an Assistant to the President, to brief Members of the Oversight Subcommittee on his management and oversight of the Healthcare.gov website during development, including security protocols. The briefing is scheduled for Wednesday, September 10, 2014. Mr. Park was co-chair of the Affordable Care Act Information Technology Exchanges Steering Committee.