WASHINGTON Feb 4 (Reuters) - U.S. health officials have investigated whether some of the software code underlying Obamacare’s technology infrastructure was produced by people connected to the government of Belarus, but so far have found no evidence of that being the case.
Caitlin Hayden, a spokeswoman for the White House National Security Council, confirmed that U.S. intelligence agencies recently retracted a report that questioned whether some of the software connected to the health reform law was developed in Belarus and could contain malicious code.
Officials of the White House and office of Director of National Intelligence did not explain precisely why the intelligence report, prepared by a U.S. spy unit called the Open Source Center, was withdrawn.
“We are aware of the report you reference, which was recalled by the Intelligence Community shortly after it was issued,” Hayden said in an email to Reuters.
Hayden said that immediately after learning of the recalled intelligence report, the Department of Health and Human Services launched a “review” to determine if any software associated with Obama’s new healthcare program, commonly known as Obamacare, had been written by developers in Belarus.
“So far HHS has found no indications that any software was developed in Belarus,” Hayden said.
However, she said that “as a matter of due diligence,” HHS will “continue to review the supply chain. Supply chain risk is real and it is one of our top concerns in the area of cyber security,” Hayden added.
Representatives from HHS and the Centers for Medicare & Medicaid Services, which oversees much of the health reform law, were not immediately available for comment.
The report of a potential vulnerability in the software code underlying Obamacare could fuel efforts by Obama’s Republican critics to highlight what they call major security problems with the Obamacare website HealthCare.gov.
Overall, the rollout of the Affordable Care Act, or Obamacare, has been plagued by technical problems, many of which have since been fixed.
The allegation that intelligence agencies issued, then withdrew, a report raising questions about the provenance of healthcare program software was published late Monday by the Washington Free Beacon, a conservative website.
The Free Beacon said that intelligence officials had specifically warned that “programmers in Belarus, a former Soviet republic closely allied with Russia, were suspected of inserting malicious code that could be used for cyber attacks.”
The Free Beacon quoted one anonymous official alleging that, “The U.S. Affordable Care Act software was written in part in Belarus by software developers under state control, and that makes the software a potential target for cyber attacks.”
The website noted that the software in question moved data from the millions of Americans who signed up for the government’s new healthcare program to federal agencies and to hundreds of medical institutions and healthcare providers.
Shawn Turner, chief spokesman for U.S. Director of National Intelligence James Clapper, said in an email that the withdrawn intelligence report about Belarus “was an Open Source Center daily update that was recalled because it failed to meet internal requirements for classification review.”
He declined to elaborate.
The report was marked, “Unclassified/For Official Use Only,” according to a U.S. official who saw it, who asked not to be named.
A senior Obama administration official said that the administration’s ”initial analysis is that compromising the software described in the report would have little utility to a nation state.
“But we are doing a thorough review anyway,” the official said.
Reporting by Mark Hosenball; additional reporting by Roberta Rampton; Editing by Karey Van Hall and Andrew Hay