We suppose Obama will read about this in the papers. Perhaps while flying to Hawaii for hihs luxurious 17-day vacation.
A top HealthCare.gov security officer told Congress there have been two, serious high-risk findings since the website’s launch, including one on Monday of this week, CBS News has learned.
Teresa Fryer, the chief information security officer for the Centers for Medicare and Medicaid Services (CMS), revealed the findings when she was interviewed Tuesday behind closed doors by House Oversight Committee officials. The security risks were not previously disclosed to members of Congress or the public. Obama administration officials have firmly insisted there’s no reason for any concern regarding the website’s security.
The Department of Health and Human Services (HHS) responded to questions about the security findings in a statement that said, “in one case, what was initially flagged as a high finding was proven to be false. In the other case, we identified a piece of software code that needed to be fixed and that fix is now in place. Since that time, the feature has been fully mitigated and verified by an independent security assessment, per standard practice.”
According to federal standards set by the National Institute of Standards and Technology (NIST), the potential impact of a high finding is “the loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.”
Details are not being made public for security reasons but Fryer testified that one vulnerability in the system was discovered during testing last week related to an incident reported in November. She says that as a result, the government has shut down functionality in the vulnerable part of the system. Fryer said the other high-risk finding was discovered Monday.
In another security bombshell, Fryer told congressional interviewers that she explicitly recommended denial of the website’s Authority to Operate (ATO), but was overruled by her superiors. The website was rolled out amid warnings Fryer said she gave both verbally and in a briefing that disclosed “high risks” and possible exposure to “attacks”.
Oddly enough, Kathleen Sebelius lied about this under oath.
This is the first time a government insider has gone on record challenging the administration’s insistence that there were no worrisome security concerns. On Oct. 30, Rep. Gus Bilirakis, R-Fla., asked Health and Human Services (HHS) Secretary Kathleen Sebelius in testimony to Congress whether “any senior department officials” advised delaying the rollout of HealthCare.gov.
“I can tell you that no senior official reporting to me ever advised me that we should delay,” Sebelius answered. “We have testing that did not advise a delay. So not — not to my knowledge.”
She should be in prison by now considering how many times she’s lied under oath.