Department of Health and Human Services officials knew of the security risks before launching healthcare.gov, the troubled website for the Obamacare health insurance program.
The officials — most of whom worked in HHS’s Medicare and Medicaid divisions — had been told that the site had numerous security flaws but they still chose to forge ahead with its launch last October, according to internal HHS memos obtained by Judicial Watch, a nonprofit government watchdog.
Judicial Watch got the documents through a Freedom of Information Act request and made them public Tuesday.
The documents describe the “limitless” risk of malicious code finding its way onto healthcare.gov and warn that security on the marketplace feature of the site “relies on the local machine of the user who downloads to detect and stop malicious activity.”
Among other concerns, CMS officials factored “public embarrassment” and political damage into their decision to launch the Obamacare marketplace while parts of the site remained untested and those that had been reviewed were deemed unsafe.
The memos note that deadlines for repairing many of the security problems weren’t established until months after millions of individuals had already entered their personal information into the website.
One of those flaws, which officials feared might produce “unintentional Denial of Service and information errors,” isn’t scheduled to be resolved until February 2015.
A Government Accountability Office report released in July found that HHS officials lacked planning and oversight throughout the healthcare.gov development process.
Besides healthcare.gov, the federal health insurance program operates online Obamacare exchanges in 36 states.
Go here to review the documents obtained by Judicial Watch.
Earlier this year, the HHS inspector general reported that total costs for designing and launching healthcare.gov were $1.7 billion.
Six of the 33 companies that received contracts for the website’s design and launch will receive $1.2 billion of the $1.7 billion total.
