January 17, 2014

In a sequel to a previous inquiry about the risks associated with the federal government's health insurance exchange website, the US House Science, Space, and Technology Committee held a hearing Tuesday entitled Healthcare.gov: Consequences of Stolen Identity.

While the testimony presented was a little less unanimous against the integrity of the website this time, Democratic members protested the premise of the hearing as biased and giving too much weight to speculation about potential vulnerabilities rather than evidence of real problems.

Testifying before a US House committee, David Kennedy, CEO of TrustedSEC, LLC, said that "nothing has changed" to alter the opinion he offered at the same committee's November hearing that the HealthCare.gov website is insecure and should have been shut down until basic flaws were corrected.

"I don't understand how we're still discussing whether the website is insecure or not. It is. It's not a question of whether it's insecure -- it's how to fix it," Kennedy said. He also provided the committee with a collection of letters from security experts -- Ed Skoudis, Kevin Mitnick, Kevin Johnson, Lares Consulting (Chris Gates, Eric Smith, Chris Nickerson), and John Strand -- echoing his condemnation.

Read the rest of this article on InformationWeek