House Oversight Committee Chairman Darrell Issa (R-Calif.) accused the Obama administration of lying about the security of the HealthCare.gov website at a hearing on Tuesday.
Issa said the administration’s claims that the website was adequately tested before its launch, that it's tested on an ongoing basis, and that nobody in the administration pushed for a delay of the rollout over security issues conflicts with the administration’s insistence Issa not release documents from a contractor, because they could be used as a roadmap for hackers.
“You cannot continue to tell people there is no problem, that there was no problem on Oct. 1 — you cannot tell people it has been mitigated but tell them, don’t release the documents because it’s a pathway for hackers,” he continued. “So I will assume that the truth is the site was vulnerable on launch date, they went ahead with known vulnerabilities, and that they continue to have unknown areas that could cause information to remain available ... we can take no other assumptions.”
Caught in the dispute is MITRE Corp., a contractor working to assess security issues with the ObamaCare website.
MITRE has said documents Issa obtained through subpoena included "software code and other technical information that is highly sensitive and could give hackers a roadmap to compromise the security of the website and the personal information of consumers."
On Tuesday, Oversight Committee ranking member Elijah Cummings (D-Md.) bemoaned Congress’s 23rd hearing on the security of personal information at HealthCare.gov. Democrats have consistently accused Republicans of using scare tactics to keep people away from the website in an attempt to undermine the law.
“We received testimony two weeks ago from the chief information security officer of [the Centers for Medicare & Medicaid Services],” Cummings said. “She told us, ‘There have been no successful security attacks on the FFM [Federally Facilitated Marketplace], and no person or group has maliciously accessed personally identifiable information.’ ”
“The chief information security officer also said that, following security testing in December, HealthCare.gov has a ‘clean bill of health,’ ” he continued. “Although no system is hack-proof, she said she is ‘confident based on the recent security controls assessment and the additional security protections in place that the FFM is secure.’ ”
The committee will hear testimony Tuesday from Health and Human Services Chief Information Security Officer Kevin Charest, as well as a top figure from MITRE Corp. but voted unanimously to conduct the hearing in a closed executive session to protect sensitive information.
Issa has previously accused HHS Secretary Kathleen Sebelius of ignoring security warnings and providing “false and misleading” testimony to Congress, and has threatened to investigate her for perjury, as well as accused the administration of obstructing its ObamaCare investigation.
Issa contends documents he obtained and briefings he conducted indicate that, contrary to Sebelius’s testimony, MITRE was not conducting ongoing security testing of the website after the launch, that MITRE raised red flags about the security of the website before the launch, and that the HHS ignored a recommendation from MITRE to delay the launch because of security fears.
In a letter obtained by The Hill last week, HHS rebuked each of these allegations and documented the ongoing security testing at the website. Democrats have accused Issa of recklessly handling sensitive material and cherry-picking data to mislead the public.