Steve Daines Questions Cybersecurity Official About Risks in Healthcare.gov
Today, November 13, Montana Congressman Steve Daines questioned Roberta Stempfley, the Assistant Secretary of the Department of Homeland Security Office of Cybersecurity and Communications, about why nothing was done to patch up security flaws in the Obamacare healthcare exchanges.
As part of the questioning, Daines referred to a memo that was reportedly distributed by staff at the Center for Medicaid and Medicare Services, but not apparently to Healthcare.gov project manager Henry Chao. The memo warned of flaws nearly a month before the exchanges opened on October 1. The memo indicated multiple cybersecurity risks, including "identity theft, unauthorized access, and misrouted data."
"This was given to senior officials at CMS," Daines said. "There were two high-risk issues that were redacted for security reasons. The memo said the threat and the risk potential is limitless. [The memo] said that CMS said the deadlines to fix these were between mid-2014 and early 2015."
Daines asked Stempfley if she would have rolled out the website even if she knew cybersecurity risks could not be fixed until 2015, but Stempfley refused to answer, saying simply "these are very difficult decisions that you make, and I couldn't speak to a theoretical."
Daines said that “ironically” the website's failures may have helped protect American privacy.
“The irony, perhaps, in this is that the failure of the website launch on Obamacare may indeed have been the best safeguard for the American people to protect their personal privacy given the risks now that are being identified in this launch."
Daines was questioning Stempfley as part of his role as Vice Chairman of the House Homeland Security Subcommittee on Oversight and Management Efficiency.