Memo: 'Limitless' security risks for healthcare.gov website
CBS is reporting that in preliminary testimony last week to the House Oversight Committee, the healthcare.gov chief project manager said that he was unaware of a memo that said security problems with the site were "limitless" and that they wouldn't be fixed until the middle of 2014 or perhaps 2015.
Henry Chao, HealthCare.gov's chief project manager at the Centers for Medicare and Medicaid Services (CMS), gave nine hours of closed-door testimony to the House Oversight Committee in advance of this week's hearing. In excerpts CBS News has obtained, Chao was asked about a memo that outlined important security risks discovered in the insurance system.
Chao said he was unaware of a Sept. 3 government memo written by another senior official at CMS. It found two high-risk issues, which are redacted for security reasons. The memo said "the threat and risk potential (to the system) is limitless." The memo shows CMS gave deadlines of mid-2014 and early 2015 to address them.
But Chao testified he'd been told the opposite.
"What I recall is what the team told me, is that there were no high findings," he said.
Chao testified security gaps could lead to identity theft, unauthorized access and misrouted data.
According to federal guidelines, high risk means "the vulnerability could be expected to have a severe or catastrophic adverse effect on organizational operations ... assets or individuals."
It was Chao who recommended it was safe to launch the website Oct. 1. When shown the security risk memo, Chao said, "I just want to say that I haven't seen this before."
A Republican staff lawyer asked, "Do you find it surprising that you haven't seen this before?"
Chao replied, "Yeah ... I mean, wouldn't you be surprised if you were me?"
If the name Henry Chao sounds familiar it's because he expressed the hope at a gathering of insurance execs last March that navigating the website wouldn't be "a third world experience." Would that this was the case today.
Chao claims ignorance of the memo, which isn't surprising given the shocking revelations contained therein. This proves that the administration was absolutely determined to launch Obamacare on October 1 come hell or high water. But more to the point, what does it say about an administration that actively encourages people to visit a site where their personal information has an excellent chance of being hacked?
Lambs to the slaughter.