Healthcare.gov Faced Security Risks, Feds Were Told
As HHS secretary Sebelius testified to Congress about the flawed rollout, a memo surfaced that predicted security risks due to inadequate testing.
The AP report released Wednesday surfaced just as Department of Health and Human Services (HHS) secretary Kathleen Sebelius testified on Capitol Hill about the Healthcare.gov fiasco. While Sebelius admitted there should have been more testing, she said security was never an issue.
"Clearly the testing should have been longer and should have been more sufficient," Sebelius said to the House Energy and Commerce committee. "Contractors said, 'we would've loved more testing time, but we're ready to go ahead.'"
The internal HHS memo was sent to CMS chief Marylin Tavenner on Sept. 27 and warned that insufficient testing "exposed a level of uncertainty that can be deemed as a high risk." The sender of the memo was not identified.
The memo said contractors weren't able to test all the security controls before the launch, and recommended setting up a security team to address risks and conduct daily tests, with a full security test to follow within two to three months.
Sebelius said she was not advised to delay the Oct. 1 launch date, even though contractors couldn't perform end-to-end testing until mid-September, after the products and insurance policies were loaded into the system. Read full story on InformationWeek
Post a comment to the original version of this story on InformationWeek