Security concerns about HealthCare.gov are overblown, Democrats say

HHS officials report just 32 security incidents since the site has launched

Security concerns raised by Republican critics of the U.S. Department of Health and Human Services' botched rollout of HealthCare.gov have been overstated, according to a memo released Friday by two Democratic members of Congress.

HHS officials, in a briefing to lawmakers this week, reported just 32 security incidents at HealthCare.gov since its Oct. 1 launch, and "there have been no successful security attacks," said the memo from Democratic Representatives Henry Waxman of California and Diana DeGette of Colorado.

The briefing was "reassuring," the lawmakers wrote. "The security of Healthcare.gov has not been breached, and hackers have had no access to personally identifiable information. HHS officials indicated that they were conducting 24-7 system monitoring and ongoing assessments in order to ensure and strengthen system security."

But it's concerning that HHS officials have found so few security incidents, said a spokeswoman for Representative Mike Rogers, a Michigan Republican who has questioned the site's security. Websites of comparable size to HealthCare.gov averaged more than 230 security incidents a day in the past year, said spokeswoman Kelsey Knight.

The lack of reported security incidents "is more concerning to us," she said. "That report shows that there's no system monitoring."

A cybersecurity expert has pointed out one security flaw at the site that could lead to phishing exploits, said Knight, whose boss is chairman of the House Intelligence Committee.

Eleven of the 32 security events remained under investigation as of Wednesday, Waxman and DeGette wrote in the memo.

Security investigators at HHS classified one of the remaining 21 events as an unsuccessful probe of the site and two incidents as inappropriate use of the site in violation of acceptable use policies. One of those two incidents was a denial-of-service attempt using malware called Destroy Obamacare, the memo said. Obamacare is the common name for the 2010 Affordable Care Act, the health insurance reform law that created HealthCare.gov.

Security investigators classified 15 of the incidents as unauthorized access, in which a website user gained unauthorized access to information. Those cases "were isolated in nature" and generally involved software bugs, the memo said. In one case that's been publicized, one user's personal information was shared with another user, the memo said, but "none of these events involved a significant breach of personal information."

In addition, security researchers ultimately decided two other events turned out to be "non-incidents," the memo said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags governmentinternetindustry verticalshealth careGovernment use of ITU.S. Department of Health and Human ServicesHenry WaxmanU.S. CongressMike RogersHealthcare.govKelsey KnightDiana DeGette

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?