At a congressional hearing on the security of Healthcare.gov today, House representatives posed questions on nearly anything but the online marketplace’s potential vulnerabilities. "There really isn’t any evidence present that would make us doubt [Healthcare.gov’s security]," Representative John Yarmuth (D-KY) said in questioning before turning back to the website’s botched launch on October 1st.
Security questions were few and far between
The hearing’s focus moved from security to usability at almost every turn, with representatives grilling Henry Chao, the deputy chief information officer for the Centers for Medicare and Medicaid Services, on why the site hasn't been fully operational. "We are working around the clock to fix our performance issues so that the vast majority of users have a smooth performance by the end of the month," Chao said, reiterating an existing promise by the administration.
Many representatives were instead interested in discussing a report that the House Energy and Commerce Committee, which was conducting the hearing, gave to the Washington Post and was published there this morning. The report reveals that an independent group of reviewers warned in March that there were many potential risks leading up to an October 1st launch date of Healthcare.gov. Chao said that he had not read the report — a fact that a few representatives chided him on. "The much talked about ... document from the Washington Post this morning," Representative Michael Burgess (R-TX) reminded him, "Which of course, you have not seen."
Chao did reveal that Healthcare.gov had detected one hacking attempt, but that the attempt was not successful. "Consumers should feel confident in trusting [Healthcare.gov] with their personal information," Chao said. He explained that the website does penetration testing on a weekly basis, runs malware scans every three minutes, and has a security operations team present 24/7, among other measures to prevent hackers. Chao said that he was unable to detail the one hacking attempt any further, as the information was classified.
"[Republicans] do not want the website to work."
Most of the reported security concerns Chao chalked up to training or technical issues that have since been resolved, reporting that no further vulnerabilities have been identified. While Democrats were more likely to wave off security issues, the Republicans who did express concerns largely didn't direct their questioning toward them. "The message coming from our Republican colleagues is that they do not want the website to work and they want to scare people from using the website," Representative Paul Tonko (D-NY) said. It's possible that security issues could become a bigger concern down the road, when there's a more functional website to meddle with, but for now it seems that legislators on both sides of the aisle are just concerned with what went wrong and when it'll be working — even if they are interested in seeing different outcomes.