By Reps. Lamar Smith (R-Texas) and Darrell Issa (R-Calif.) - 01/14/14 05:19 PM EST
OPINION l When it comes to ObamaCare, the president’s broken promises are piling up.
First he promised that if you like your plan you can keep it. But for millions of people, that turned out not to be true.
The president said that ObamaCare would help make health insurance more affordable. Across the country, millions of people are seeing their premiums go up, not down.
Finally, when the Obama administration launched HealthCare.gov on Oct. 1, people were led to believe the website was safe, secure and open for business. Once again, it’s not true.
Beyond the well-documented system crashes and breakdowns, HealthCare .gov is exposing people to hackers and online criminals.
At a hearing on Nov. 19, the Committee on Science, Space and Technology received troubling testimony from online security experts regarding the flaws and vulnerabilities of the ObamaCare website. The expert witnesses outlined the significant risk of identity theft to people if hackers were to gain access to their personal information.
One witness, David Kennedy, a so-called “white hat hacker” who works for the good guys, gave a demonstration of the real vulnerabilities with HealthCare .gov. According to his testimony, not only is the website vulnerable, it is under attack. Even more troubling, Kennedy testified that there are “clear indicators that even basic security was not built into the HealthCare.gov website.”
All four experts, including one selected by the Democratic minority, testified that the website is not secure and should not have been launched. At a hearing Thursday morning, Kennedy and other security experts will update Science Committee members with new information on vulnerabilities.
We also now know from testimony and documents obtained by the Oversight and Government Reform Committee that the Obama administration proceeded with the Oct. 1 site launch despite known weaknesses, incomplete testing and against the advice of its own top expert.
The top cybersecurity official at the agency in charge of the site testified that incomplete testing led her to recommend against its launch.
“We couldn’t mitigate or remediate those unknown risks,” she added in explaining her recommendation.
This means more people are now vulnerable to online criminals and identity theft. On Thursday morning, the Oversight Committee will hold a hearing with this official to learn more about her lingering concerns, as well as those she expressed prior to the site’s launch.
The same top official testified that there has already been an incident that resulted in the improper disclosure of a user’s personal information. The agency continues to find serious security vulnerabilities that were initially missed due to incomplete testing prior to launch.
The administration’s recent efforts to fix the website’s capacity problems continue to expose new weaknesses in the site’s security. Experts have recommended steps to strengthen security, including complete end-to-end testing and integration of secure code analysis into the software processes. But at this point, security and privacy issues have not been fully resolved.
The data passing through HealthCare .gov is one of the largest collections of personal information ever assembled, linking Social Security numbers, birth dates, tax and other financial information from seven different federal agencies, along with state agencies and government contractors.
A recent report issued by Experian estimated more than 1.8 million U.S. identity theft victims in 2013 alone. As a result of ObamaCare, the report forecasted increased medical identity thefts in 2014, stating “the healthcare industry is facing a perfect storm that could cause significant business disruption.” We are troubled that the president either did not know, or did not care, that the personal and financial data collected as part of ObamaCare is not secure.
The president has tried to distance himself from these security and privacy problems. But numerous White House officials played key roles in the creation of HealthCare.gov.
White House health czar Nancy-Ann DeParle began coordinating the interagency effort for the new health law and was eventually replaced by Jeanne Lambrew in that role. Assistant to the president Todd Park and chief information officer Steve VanRoekel helped lead a White House steering committee responsible for security and privacy working groups and the technology components of the Affordable Care Act. From documents provided to Congress, it appears this committee canceled five consecutive months of meetings before the website was launched, even after a briefing warned of limited testing.
We believe that threats to people’s security and privacy remain the responsibility of the highest level of government. Unfortunately, in their haste to launch the website, the Obama administration intentionally cut corners, leaving the site wide open to hackers and other online criminals. We already know of numerous attempts to hack into the system and can only assume many more have gone unreported. The administration should be held accountable and must cooperate with Congress. Unless there is swift action to address these issues, the worst is yet to come from this ill-conceived law.
Smith has represented Texas’s 21st Congressional District since 1987. He is chairman of the House Science, Space and Technology Committee. Issa has represented California’s 49th Congressional District since 2001. He is chairman of the House Oversight and Government Reform Committee.