Sep 29, 2015

Audit Finds HealthCare.gov Weak on Cybersecurity

Post by Freedom Partners

HealthCare.gov, the website created to administer the Affordable Care Act (ACA), has been an embarrassment to the federal government since its inception, and things don’t seem to be improving over time.

The Inspector General of the U.S. Department of Health and Human Services (HHS) released a report this month detailing a litany of poor security policies and database vulnerabilities that put millions of users’ personal information at risk.

The report found 135 distinct problems with the database’s security, including 22 “high risk” software bugs.

The website’s $110 million information storage system, called MIDAS, holds users’ personal information —including names, addresses, Social Security numbers, financial information, and employment records. All this information, according to the report, is vulnerable to a cyberattack because the Centers for Medicare and Medicaid Services (CMS) has failed to perform basic oversight duties to ensure that the proper level of security was in place throughout the system.

The Government Accountability Office is expected to release a follow-up report, detailing a number of “security incidents” that have taken place this year, including a hacking attack this summer.

These reports are just the latest in a recent series of investigations into the mismanagement of the website. Earlier reports revealed CMS paid millions more than originally reported to fix the botched roll out in 2013 and wasted hundreds of millions of taxpayer dollars by allowing unqualified employees to manage multi-million dollar contracts.

All these episodes reinforce the clear message that the federal government does not have the ability or knowledge to manage effectively 18 percent of the U.S. economy.