By David Morgan and Jim Finkle
Jan 16 - Republicans in Congress sought to
showcase what they call major security problems with the
Obamacare website HealthCare.gov on Thursday, just as U.S.
officials ramp up a national campaign to persuade young adults
to use the site to enroll in health insurance.
In a public messaging tug-of-war that will likely intensify
in coming weeks, the Republican-led House of Representatives
targeted the healthcare reform law in three separate oversight
hearings. Two were geared toward Republican claims that
HealthCare.gov remains vulnerable to hackers more than three
months after its botched Oct. 1 rollout.
Democrats accused Republicans of "cherry picking" partial
information about the website to try to scare consumers away
from it. Later in the day, Obamacare supporters, including
federal and state officials, staged a six-hour presentation on
YouTube.com intended to drive enrollment among
The administration also disclosed plans for a media
promotion campaign during next month's Winter Olympics in Sochi,
Russia, and unveiled 30-second ads with former basketball stars
Magic Johnson and Alonzo Mourning.
U.S. officials are eager to boost youth participation, which
is widely seen as vital to the success of President Barack
Obama's signature domestic policy achievement.
The administration needs enough young people, who are
typically healthier, so that their premiums will help offset
costs from older enrollees and prevent insurers from raising
Officials hope to enroll more than 2.5 million young
Americans in coverage by a March 31 deadline. So far they have
signed up only about one-fifth of that number, partly due to
early technical glitches at HealthCare.gov.
While the performance of the website has greatly improved,
the Obama administration is contending with fresh attacks from
Republicans eager to highlight the healthcare reform's flaws,
including security questions.
"It seems to defy common sense that a website plagued with
functional problems was, in fact, perfectly secure by design,"
said Darrell Issa, chairman of the House Oversight and
Government Reform Committee, who presided over one of Thursday's
At another Republican-led hearing, a cybersecurity
professional warned that the federal government has failed to
implement fixes necessary to protect the HealthCare.gov website
"HealthCare.gov is not secure today," David Kennedy, head of
computer security consulting firm TrustedSec LLC, told the House
Science, Space and Technology Committee.
HealthCare.gov is the consumer web portal to a 36-state
federal health insurance marketplace, which offers private
insurance, with federally subsidized rates for some consumers.
The 14 other states have built their own marketplaces.
Kennedy said "nothing has really changed" since a hearing
before the same committee in November when he and three other
expert witnesses said they believed the site was not secure and
three of them said it should be shut down immediately.
"I don't understand how we're still discussing whether the
website is insecure or not," said Kennedy, who worked for the
National Security Agency and the U.S. Marine Corps before
entering the private sector. "It is insecure - 100 percent."
Before the hearing, Kennedy told Reuters the government has
yet to plug more than 20 vulnerabilities that he and other
security experts reported to the government shortly after
HealthCare.gov went live on Oct. 1. Hackers could steal personal
information, modify data, attack the personal computers of
website users and damage the infrastructure of the site, Kennedy
said in an interview.
The Centers for Medicare and Medicaid Services (CMS), the
federal agency responsible for HealthCare.gov, said in a
statement to Reuters, "There have been no successful security
attacks on Healthcare.gov and no person or group has maliciously
accessed personally identifiable information from the site."
CMS said Kennedy's methodology undermined his findings:
"Because this individual had no direct access to the operations
of the HealthCare.gov website, the information in the report is
based on assumptions, not fact."
The agency's information security chief also publicly tried
to reassure lawmakers that the site is safe.
The CMS chief information security officer, Teresa Fryer,
said the website underwent end-to-end security testing on Dec.
18 and met all industry standards.
"The (federal marketplace) is secure. In many instances, we
have gone above and beyond what is required, with layered
protection, continuous monitoring and additional penetration
testing," Fryer said before the House Oversight panel.
Democratic Representative Elijah Cummings charged that
Republicans were "cherry-picking partial information to promote
a narrative that is inaccurate" about the Obamacare website,
when its security was "strong and keeps getting stronger."
Instead of holding ever more hearings on the Obamacare
website, lawmakers should be looking into the massive data
breach affecting millions at Target Corp, Cummings said
at the hearing where CMS's Fryer appeared.
As the hearings took place, Republicans sought to amplify
their anti-Obamacare message by advancing another bill to tweak
the law. The legislation, which passed by a 259-154 vote, would
require the Obama administration to issue weekly enrollment
The White House considers the transparency bill another
Republican attempt to harass implementation of its healthcare
reform. However, 33 Democrats voted for the bill. Last week, the
House passed a Republican measure that would require the
government to notify consumers in two days if their personal
information on HealthCare.gov has been compromised.