What did top officials know about Healthcare.gov’s ‘high risk’ security flaws?

Top Obama administration officials were notified well in advance of the Affordable Care Act website’s “massive security risks,” and they allowed the site to be released to the public regardless, documents released Monday by conservative watchdog group Judicial Watch show.

“These are more smoking gun documents that the Obama administration knowingly put the privacy of millions of Americans at risk through Obamacare’s healthcare.gov ‘marketplace,’” the group’s president, Tom Fitton, said in a statement.

“And these documents show that this administration was concerned about the political problems of the security flaws but couldn’t care less about the threat to privacy of millions of innocent Americans. Given what we now know about Obamacare’s security, I have little doubt that Healthcare.gov is in danger of being in violation of federal privacy laws. If you share private information on Healthcare.gov or a related Obamacare site, you should assume that your private information is unsecure and at risk of being hacked,” the statement added.

The documents show that top Centers for Medicare and Medicaid Services officials were not only aware of the website’s many issues, but that the agency measured these problems in terms of “political … damage” and how much “public embarrassment” would be caused by the flaws.

And although the Obamacare website’s security flaws have already been widely reported in broad terms, specific information detailing the exact nature of said flaws has only just now surfaced.

From the report:

In a September 3, 2013, “Authorization Decision” memo, Trenkle reveals a flaw involving Excel macros that could risk malicious code being uploaded into the system. According to a “Finding” in the just released unredacted memo, “FFM [Federally Facilitated Marketplaces] has an open high finding: Macros enabled on uploaded files allow code to execute automatically.”
In the “Finding Description” alongside that finding, the memo continues: “An excel file with a macro which executes when the spreadsheet is opened was uploaded for review by another user. The macro only opened up a command prompt window on the local user’s machine; however, the threat and risk potential is limitless. Keeping macros enabled relies on the local machine of the user who downloads to detect and stop malicious activity.”
Among the “Recommended Corrective Actions” to fix this problem, the memo says, “Implement a method for scanning uploaded documents for malicious macros.” Remarkably, the due date provided for the corrective actions to remedy this “limitless” risk problem is May 31, 2014 — eight months after the launch of Healthcare.gov.
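
The memo's corrective action, scanning uploaded documents for macros, can be illustrated with a short upload check. This is an added example, not part of the memo, the Judicial Watch report or any Healthcare.gov code; the function names and the accept-only-if-clean policy are assumptions, and it detects only the presence of a VBA project, not whether a macro is malicious.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls container
# OLE2 directory-entry names are UTF-16LE; VBA storage holds "_VBA_PROJECT".
OLE2_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")
MACRO_CONTENT_TYPE = b"macroEnabled"  # e.g. ...sheet.macroEnabled.main+xml


def classify_upload(data: bytes) -> str:
    """Return 'macro', 'clean' or 'unknown' based on content, not file name."""
    if data.startswith(OLE2_MAGIC):
        # Heuristic marker search, not a full compound-file parse.
        return "macro" if OLE2_VBA_MARKER in data else "clean"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    name = info.filename.lower()
                    if name.endswith("vbaproject.bin"):
                        return "macro"
                    # Size cap avoids inflating an oversized member.
                    if name == "[content_types].xml" and info.file_size < 1_000_000:
                        if MACRO_CONTENT_TYPE in zf.read(info):
                            return "macro"
                return "clean"
        except zipfile.BadZipFile:
            return "unknown"
    return "unknown"


def accept_upload(data: bytes) -> bool:
    """Assumed policy: store a file only when it is positively macro-free."""
    return classify_upload(data) == "clean"


def _sample_xlsx(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip shaped like an OOXML workbook."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()
```

Running the check on the server at upload time addresses the memo's point that leaving macros enabled relies on the downloading user's machine to stop malicious activity.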

Details regarding the nature of the website’s flaw come on the heels of the Wall Street Journal reporting earlier this month that the healthcare.gov website had been compromised by a hacker.

“A hacker broke into part of the Healthcare.gov insurance enrollment website in July and uploaded malicious software, according to federal officials,” the report said.

Expect this and other details involving the disastrous Obamacare rollout to come back into the news as U.S. lawmakers continue to investigate the growing cost of the already expensive healthcare.gov website.
