Testing IT security for Obamacare exchanges months behind

Rick Moran
Would you buy insurance from the online exchanges if you knew that there was a possibility your information could be hacked?

That's a decision millions of Americans are going to have to make when the sites go live on October 1.

Reuters:

The federal government is months behind in testing data security for the main pillar of Obamacare: allowing Americans to buy health insurance on state exchanges due to open by October 1

The missed deadlines have pushed the government's decision on whether information technology security is up to snuff to exactly one day before that crucial date, the Department of Health and Human Services' inspector general said in a report.

As a result, experts say, the exchanges might open with security flaws or, possibly but less likely, be delayed.

"They've removed their margin for error," said Deven McGraw, director of the health privacy project at the non-profit Center for Democracy & Technology. "There is huge pressure to get (the exchanges) up and running on time, but if there is a security incident they are done. It would be a complete disaster from a PR viewpoint."

The most likely serious security breach would be identity theft, in which a hacker steals the social security numbers and other information people provide when signing up for insurance.

The inspector general's report, released without fanfare last Friday, found that the Centers for Medicare & Medicaid Services or CMS - the agency within HHS that is running Obamacare - had set a May 13 deadline for its contractor to deliver a plan to test the security of the crucial information technology component.

A test was to have been performed between June 3 and 7. But the delivery deadline slipped and the test - assessing firewalls and other security elements - is now set for this week and next.

"CMS," concludes the inspector general's report, "is working with very tight deadlines."

The delays mean that the ruling by CMS's chief information officer certifying the Obamacare IT system as secure will be pushed back from September 4 to September 30, a day before enrollment under the Patient Protection and Affordable Care Act, the law that established Obamacare, is supposed to start.

"Several critical tasks remain to be completed in a short period of time," the report concluded.

The report was released "without fanfare" says Reuters. On a Friday, of course. The fact that it took until Wednesday for anyone to notice is remarkable.

Even if there are a lot of holes in the firewalls of these sites that put people's info at risk, it is doubtful they will delay opening the exchanges. It is an absolute political necessity for Obamacare to roll out on time - even if there are going to be gigantic glitches.

But after reading that Reuters article, are you going to trust your personal information to government IT techs more concerned with saving Obamacare than protecting your privacy?



Would you buy insurance from the online exchanges if you knew that there was a possibility your information could be hacked?

That's a decision millions of Americans are going to have to make when the sites go live on October 1.

Reuters:

The federal government is months behind in testing data security for the main pillar of Obamacare: allowing Americans to buy health insurance on state exchanges due to open by October 1

The missed deadlines have pushed the government's decision on whether information technology security is up to snuff to exactly one day before that crucial date, the Department of Health and Human Services' inspector general said in a report.

As a result, experts say, the exchanges might open with security flaws or, possibly but less likely, be delayed.

"They've removed their margin for error," said Deven McGraw, director of the health privacy project at the non-profit Center for Democracy & Technology. "There is huge pressure to get (the exchanges) up and running on time, but if there is a security incident they are done. It would be a complete disaster from a PR viewpoint."

The most likely serious security breach would be identity theft, in which a hacker steals the social security numbers and other information people provide when signing up for insurance.

The inspector general's report, released without fanfare last Friday, found that the Centers for Medicare & Medicaid Services or CMS - the agency within HHS that is running Obamacare - had set a May 13 deadline for its contractor to deliver a plan to test the security of the crucial information technology component.

A test was to have been performed between June 3 and 7. But the delivery deadline slipped and the test - assessing firewalls and other security elements - is now set for this week and next.

"CMS," concludes the inspector general's report, "is working with very tight deadlines."

The delays mean that the ruling by CMS's chief information officer certifying the Obamacare IT system as secure will be pushed back from September 4 to September 30, a day before enrollment under the Patient Protection and Affordable Care Act, the law that established Obamacare, is supposed to start.

"Several critical tasks remain to be completed in a short period of time," the report concluded.

The report was released "without fanfare" says Reuters. On a Friday, of course. The fact that it took until Wednesday for anyone to notice is remarkable.

Even if there are a lot of holes in the firewalls of these sites that put people's info at risk, it is doubtful they will delay opening the exchanges. It is an absolute political necessity for Obamacare to roll out on time - even if there are going to be gigantic glitches.

But after reading that Reuters article, are you going to trust your personal information to government IT techs more concerned with saving Obamacare than protecting your privacy?