|
 In a public messaging tug-of-war that will likely intensify in
coming weeks, the Republican-led House of Representatives targeted
the healthcare reform law in three separate oversight hearings. Two
were geared toward Republican claims that HealthCare.gov remains
vulnerable to hackers more than three months after its botched
October 1 rollout.
Democrats accused Republicans of "cherry picking" partial
information about the website to try and scare consumers away from
it. Later in the day, Obamacare supporters, including federal and
state officials, staged a six-hour presentation on YouTube.com
intended to drive enrollment among 18-to-34-year-olds.
The administration also disclosed plans for a media promotion
campaign during next month's Winter Olympics in Sochi, Russia, and
unveiled 30-second ads with former basketball stars Magic Johnson
and Alonzo Mourning.
U.S. officials are eager to boost youth participation, which is
widely seen as vital to the success of President Barack Obama's
signature domestic policy achievement.
The administration needs enough young people, who are typically
healthier, so that their premiums will help offset costs from older
enrollees and prevent insurers from raising their rates.
Officials hope to enroll more than 2.5 million young Americans in
coverage by a March 31 deadline. So far they have signed up only
about one-fifth of that number, partly due to early technical
glitches at HealthCare.gov.
While the performance of the website has greatly improved, the Obama
administration is contending with fresh attacks from Republicans
eager to highlight the healthcare reform's flaws, including security
questions.
"It seems to defy common sense that a website plagued with
functional problems was, in fact, perfectly secure by design," said
Darrell Issa, chairman of the House Oversight and Government Reform
Committee, who presided over one of Thursday's security hearings.
At another Republican-led hearing, a cybersecurity professional
warned that the federal government has failed to implement fixes
necessary to protect the HealthCare.gov website from hackers.
"HealthCare.gov is not secure today," David Kennedy, head of
computer security consulting firm TrustedSec LLC, told the House
Science, Space and Technology Committee.
HealthCare.gov is the consumer web portal to a 36-state federal
health insurance marketplace, which offers private insurance, with
federally subsidized rates for some consumers. The 14 other states
have built their own marketplaces.
Kennedy said "nothing has really changed" since a hearing before the
same committee in November when he and three other expert witnesses
said they believed the site was not secure and three of them said it
should be shut down immediately.
"I don't understand how we're still discussing whether the website
is insecure or not," said Kennedy, who worked for the National
Security Agency and the U.S. Marine Corps before entering the
private sector. "It is insecure — 100 percent."
[to top of second column] |
Before the hearing, Kennedy told Reuters the government has yet to
plug more than 20 vulnerabilities that he and other security experts
reported to the government shortly after HealthCare.gov went live on
October 1. Hackers could steal personal information, modify data,
attack the personal computers of website users and damage the
infrastructure of the site, Kennedy said in an interview.
The Centers for Medicare and Medicaid Services (CMS), the federal
agency responsible for HealthCare.gov, said in a statement to
Reuters, "There have been no successful security attacks on
Healthcare.gov and no person or group has maliciously accessed
personally identifiable information from the site."
CMS said Kennedy's methodology undermined his findings: "Because
this individual had no direct access to the operations of the
HealthCare.gov website, the information in the report is based on
assumptions, not fact."
The agency's information security chief also publicly tried to
reassure lawmakers that the site is safe.
The CMS chief information security officer, Teresa Fryer, said the
website underwent end-to-end security testing on December 18 and met
all industry standards.
"The (federal marketplace) is secure. In many instances, we have
gone above and beyond what is required, with layered protection,
continuous monitoring and additional penetration testing," Fryer
said before the House Oversight panel.
Democratic Representative Elijah Cummings charged that Republicans
were "cherry-picking partial information to promote a narrative that
is inaccurate" about the Obamacare website, when its security was
"strong and keeps getting stronger".
Instead of holding ever more hearings on the Obamacare website,
lawmakers should be looking into the massive data breach affecting
millions at Target Corp, Cummings said at the hearing where CMS's
Fryer appeared.
As the hearings took place, Republicans sought to amplify their
anti-Obamacare message by advancing another bill to tweak the law.
The legislation, which passed by a 259-154 vote, would require the
Obama administration to issue weekly enrollment statistics.
The White House considers the transparency bill another Republican
attempt to harass implementation of its healthcare reform. However,
33 Democrats voted for the bill. Last week, the House passed a
Republican measure that would require the government to notify
consumers in two days if their personal information on
HealthCare.gov has been compromised.
(Additional reporting by Susan Cornwell, Doina Chiacu and Bill Trott
in Washington; editing by Karey Van Hall and Leslie Adler)
[© 2014 Thomson Reuters. All rights
reserved.] Copyright 2014 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
 |
