House committees had three Patient Protection and Affordable Act implementation hearings going on at the same time Thursday morning.
The House Oversight and Government Reform Committee brought in Kevin Charest, the chief information security officer at the U.S. Department of Health and Human Services, and Teresa Fryer, director of the enterprise information security group at the Centers for Medicare & Medicaid Services.
The committee also hauled in Frank Baitman, the HHS chief information officer.
Republicans asked witnesses detailed questions about whether HealthCare.gov went live without an adequate review process.
The Republican members said they’d gotten one security report, from September, from one of the HealthCare.gov contractors, but that they were having trouble getting other site security documents and didn’t even know about a new report created in December.
Fryer said she’d have to ask her agency about providing a full report.
“Those are sensitive documents,” Fryer said. “We don’t like to have them out there.”
Rep. Gerry Connolly, D-Va., argued that, if someone does give the committee the full security plan, someone could accidentally leak the plan and bring on the kind of attack that the committee is supposed to try to prevent.
Charest provided written testimony that described the Federal Information Security Management Act data security requirements that apply to the exchange.
The House Committee on Science, Space and Technology presented witnesses who talked about the threat of thieves using exchange systems to steal the users’ identities.
Waylon Krush of Lunarline, a cyber-security company, said all computer systems face security risks and that many other government sites seem to be of greater interest to would-be criminals.