Close Close
Sign In
Newsletters
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
Podcast Center Video Center Webcasts Resource Center Events
About ThinkAdvisor Contact Us Advertise With Us Asset & Logo Licensing Sitemap Terms of Service Privacy Policy Copyright © 2024 ALM Global, LLC. All Rights Reserved.
ThinkAdvisor

Retirement Planning > Social Security

Panel closes HealthCare.gov security hearing

By Allison Bell

X
Your article was successfully shared with the contacts you provided.

Top experts today gave members of the House Oversight & Government Reform Committee their thoughts about how hackers might try to attack HealthCare.gov.

Members of the committee unanimously voted to close the session to the public, to avoid giving hackers a tutorial on HealthCare.gov vulnerabilities.

The witnesses were Kevin Charest, chief information security officer at the U.S. Department of Health and Human Services and Milton Shomo, a principal information systems engineer at MITRE Corp., a company that’s tested HealthCare.gov security.

The written versions of the witnesses’ testimony aren’t classified documents, but the committee gave members of Congress numbered copies and prohibited members from making their own copies or taking the documents out of the hearing room.

Rep. Darrell Issa, R-Calif., the committee chairman, said in an opening statement that his staff has been unable to get information about HealthCare.gov security from HHS. He said his staff has had to rely on documents obtained from vendors, through subpoenas.

The documents suggest HHS opened HealthCare.gov to the public before data security officials thought it was ready, Issa said.

Issa said his understanding is that, under the law, a high-level federal official can approve the launch of a website simply by agreeing to accept the risk that the site could have security problems, even if the site has failed security tests or has undergone no tests.

“There is no protection against a judgment call,” Issa said.

Rep. Elijah Cummings, D-Md., the highest-ranking Democrat on the committee, noted that the hearing was the 23rd the committee’s held on the Patient Protection and Affordable Care Act and PPACA implementation.

HHS data security officials have assured Congress that HealthCare.gov is secure and has not yet been the target of a successful attack, Cummings said.

See also:

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.