Nearly three months after its launch, HealthCare.gov underwent end-to-end security testing and passed with flying colors, the top cybersecurity official overseeing the website told Congress today.Still in question, though, is whether Darrell Issa will pass a security test. Given his habit of leaking bits of sensitive information that come into his hands as Oversight chairman, and then national media organizations running with the incomplete "scandalous" information they have, the administration has been worried about letting more information about the website's construction and its security protocols into his hands. If that kind of information were to be leaked, the security threat would be very real.
Teresa Fryer, the chief information security officer for the Centers for Medicare and Medicaid Services, told the House Oversight Committee that results from the tests have alleviated her earlier concerns about risks of cyberattacks and theft of consumers’ personal information.
“This security control assessment met all industry standards, was an end-to-end test and was conducted in a stable environment that allowed for testing to be completed in the allotted time,” Fryer told the panel.
That's why Rep. Elijah Cummings, ranking member of the Oversight Committee, has demanded that the committee put a series of protections of sensitive information. Cummings has a number of concerns, including the fact that committee staff has left sensitive information in unsecured rooms, that Issa is sharing sensitive information with outside consultants who haven't been authorized by the committee, and that the committee as a whole hasn't adopted security protocols for dealing with this kind of information. Issa delegated to a staffer to blow off all of these concerns. Issa spokeswoman Caitlin Carroll said in response, “The committee is comfortable with the protocols we have utilized to prevent the release of sensitive technical information. [...] We have also told the Minority that they are welcome to consult with us on any questions they have about information they intend to release.” Welcome to consult, but don't expect us to listen.
So if there is a major security breach to HealthCare.gov in the near future, it might worth looking at Issa's communication history. Finally there might be a use for all that information the NSA is sucking up.