Hacker to testify on ObamaCare security

A computer hacker will testify on Capitol Hill to expose the security cracks in the ObamaCare website.

The House Science Committee is the latest panel to delve into the rocky implementation of ObamaCare.

ADVERTISEMENT
Committee Chairman Lamar Smith (R-Texas) wants to demonstrate the lax privacy safeguards when an individual logs on to the website, divulging sensitive personal information.

“The website requires users to input personal information like birth dates, Social Security numbers and household incomes to obtain information about potential health coverage. But security experts have expressed concern about flaws in the site that put this personal data at risk and subject users to the threat of identity theft,” the House Science, Space and Technology Committee chairman said in a statement.

Smith has lined up a panel of cybersecurity experts to demonstrate the vulnerabilities inherent in HealthCare.gov, which is the central portal through which individuals apply for health insurance through ObamaCare.

It is unclear if any of the witnesses will attempt to hack the system in real time. 

David Kennedy, considered to be a “white hat” hacker, is scheduled to appear before the committee on Nov. 19. He has been hired by major companies to hack into their systems to assess vulnerabilities, according to a source familiar with the hearing.

Kennedy, the head of his own security consulting company TrustedSec, has done work for the National Security Agency and the U.S. Marine Corps in “cyber warfare and forensics analysis,” his official biography states.

Morgan Wright, an expert in cybersecurity, will testify to the operations dysfunction that could lead to potential fraud when consumers try to sign up on the insurance exchange.

Wright said the Obama administration could not have completely complied with the privacy provisions in the Federal Information Security Management Act when it was making changes to the website a day or two before the ill-fated Oct. 1 launch. 

“It is inconceivable that there could have been a comprehensive security review if they were still making major changes and substantial changes to it one or two days before,” it went live, Wright said.

The Science panel invited White House Chief Technology Officer Todd Park to defend the website’s possible security flaws at next week’s hearing.

In the letter to Park obtained by The Hill, Smith explained that the hearing “will examine concerns about the lack of privacy standards for personal information passing through the HealthCare.gov website and the threat posed to Americans if hackers on the Internet gained access to such information.”

According to a source, the White House “declined” to make Park available to testify before the Science panel that has jurisdiction over the website security functions.

Park was subpoenaed to appear before the House Oversight and Government Reform Committee on Wednesday as part of a hearing on the rollout of the entire website.

Late last month at an Energy and Commerce Committee hearing, Rep. Mike Rogers (R-Mich.) expressed concerns about privacy protections surrounding ObamaCare.

The Intelligence Committee chairman told Health and Human Services Secretary Kathleen Sebelius, “This is a completely unacceptable level of security … you know it’s not secure.”

Wright said the lack of security precautions could mean the “government may become an unwitting conspirator in the most massive fraud ever committed because [government officials] didn’t think through” the potential for criminals to scam the system.